Event details
We have recently found across multiple new M365 tenants that the Self-Deploying enrolment profile is no longer working correctly because it requires a user to log in prior to displaying the ESP page. All existing tenants we have configured to use Self-Deploying are still working fine, displaying the ESP page with no need for interactive user login. When we check the logs on a device in the new tenants, after we've signed in and completed the ESP, the status shows that a UserDrivenEnrolment was performed. Has something changed to stop Self-Deploying working without interactive user login on tenants set up in the last two months? Thanks
Self-deploying mode (SDM) requires that the device is 1) Autopilot-registered and 2) an AP profile configuring SDM is targeted to the device (or a device group that the device is a member of).
If those two prerequisites are correct, then you can check if the device pulled down the AP profile (after you've connected the device to ethernet and booted it to the first page in OOBE) by checking if you see a PolicyJsonCache registry value under the key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\AutopilotPolicyCache"; the value should be a JSON blob with your tenant's domain name in it. If the value is not present with your domain in it, then that means the profile failed to be downloaded for some reason. Some possible reasons:
1) You assigned the profile to the wrong device/group.
2) You already went through SDM on the device and need to press the Unblock button for it on the Autopilot Devices blade on the Intune portal (same blade where you registered devices into Autopilot). (Some manufacturers are allowlisted to bypass this unblock for their devices, and so you don't have to press Unblock for their devices in between SDM or pre-provisioning device deployments.)
Hope this helps.
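
The registry check described in the reply above, as an added PowerShell example that is not part of the original reply or of Microsoft's tooling. `contoso.onmicrosoft.com` is a placeholder tenant domain and `Test-AutopilotPolicyCache` is a hypothetical helper name; no JSON field names are assumed, the script only reports which properties of the cached blob contain the domain.

```powershell
# Added example: confirm the Autopilot profile reached the device during OOBE.
# $TenantDomain is a placeholder; pass your own tenant's domain.
param(
    [string]$TenantDomain = 'contoso.onmicrosoft.com'
)

$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Provisioning\AutopilotPolicyCache'
$valueName = 'PolicyJsonCache'

function Test-AutopilotPolicyCache {   # hypothetical helper name
    param([string]$Path, [string]$Name, [string]$Domain)

    # A missing key or value both end up as $null here.
    $raw = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    if ([string]::IsNullOrWhiteSpace($raw)) {
        return [pscustomobject]@{ Status = 'Missing'; Detail = "$Name not found under $Path"; Fields = @() }
    }

    # The value should be a JSON blob; anything else means the cache is not usable.
    try { $policy = $raw | ConvertFrom-Json -ErrorAction Stop }
    catch {
        return [pscustomobject]@{ Status = 'NotJson'; Detail = $_.Exception.Message; Fields = @() }
    }

    # List every top-level property whose stringified value contains the domain.
    $hits = @($policy.PSObject.Properties |
        Where-Object { "$($_.Value)".IndexOf($Domain, [StringComparison]::OrdinalIgnoreCase) -ge 0 } |
        ForEach-Object { $_.Name })

    if ($hits.Count -eq 0) {
        return [pscustomobject]@{ Status = 'DomainNotFound'; Detail = "JSON present but '$Domain' is not in it"; Fields = @() }
    }
    [pscustomobject]@{ Status = 'ProfileDownloaded'; Detail = "'$Domain' found in cached profile"; Fields = $hits }
}

Test-AutopilotPolicyCache -Path $keyPath -Name $valueName -Domain $TenantDomain | Format-List
```

A `Missing` or `DomainNotFound` status corresponds to the reply's "profile failed to be downloaded" case, so the next step is to recheck the profile assignment and the Unblock state for the device.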