I'm testing the Intune policy to enable Enable Secureboot Certificate Updates and Configure Microsoft Update Managed Opt In, but I can see an error on both:
The test device is a Windows 11 24H2 Enterprise.
Interesting. This is a known issue on PRO devices: Microsoft Intune method of Secure Boot for Windows devices with IT-managed updates - Microsoft Support
Did your device do a step-up from Pro via subscription activation? Or is it an Enterprise base image?
Because it also impacts Windows 11 Business - which is also a subscription activation step-up from Pro for M365 Business Premium.
- Ana_Diaz, Jan 30, 2026, Copper Contributor
The device was upgraded from Pro to Enterprise via subscription activation.
- Dom_Cote, Jan 30, 2026, Iron Contributor
Ah yes. Also seems to be known. Check here: Secure Boot Status Report: Secure Boot Readiness in Intune
But I'm confident this'll be fixed soon. Also, we still have a few months' time.
- Ana_Diaz, Feb 05, 2026, Copper Contributor
I have performed the steps according to the resolution info here in the link below, but unfortunately the policy is still erroring: https://support.microsoft.com/en-gb/topic/microsoft-intune-method-of-secure-boot-for-windows-devices-with-it-managed-updates-1c4cf9a3-8983-40c8-924f-44d9c959889d#bkmk_settingdescription
- Gunnar_Putz, Jan 30, 2026, Copper Contributor
We have had the same issue with the Intune policy for our Windows 11 Enterprise (both 23H2 and 24H2) devices since we created the policy in December. The support case engineer pushed this issue back to the product group. Internally escalated to our CSAM, but no progress as of today. I wonder if this behavior may change after our tenant gets the January update; currently still on 2511.
You may also check your logfiles. Interesting about the rejected by licensing. We do install the Enterprise version directly and have an E5 license. Could that be somehow related to the license SKUs?
MDM ConfigurationManager: Command failure status. Configuration Source ID: (E7B9BC5A-5FBC-4BE9-BEA9-F520F9570CA9), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/Config/SecureBoot/EnableSecurebootCertificateUpdates), Result: (Unknown Win32 Error code: 0x82b00006).
MDM PolicyManager: Set policy int, Policy: (EnableSecurebootCertificateUpdates), Area: (SecureBoot), EnrollmentID requesting set: (E7B9BC5A-5FBC-4BE9-BEA9-F520F9570CA9), Current User: (Device), Int: (0x5944), Enrollment Type: (0x6), Scope: (0x0), Result:(0x82B00006) Unknown Win32 Error code: 0x82b00006.
MDM PolicyManager: Policy is rejected by licensing, Policy: (EnableSecurebootCertificateUpdates), Area: (SecureBoot), Result:(0x82B00006) Unknown Win32 Error code: 0x82b00006.
- Ana_Diaz, Jan 30, 2026, Copper Contributor
The device was upgraded from Pro to Enterprise via subscription activation.
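
The log check suggested in the thread, as an added example that is not part of any post above: it parses the three quoted MDM messages, groups the failures per policy, and flags policies where a "rejected by licensing" line accounts for the otherwise opaque error code. The function names, and the assumption that events were exported as one message string each, belong to this example only.

```python
import re

# Message texts copied from the MDM log lines quoted in the thread above.
SAMPLE_EVENTS = [
    "MDM ConfigurationManager: Command failure status. Configuration Source ID: (E7B9BC5A-5FBC-4BE9-BEA9-F520F9570CA9), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/Config/SecureBoot/EnableSecurebootCertificateUpdates), Result: (Unknown Win32 Error code: 0x82b00006).",
    "MDM PolicyManager: Set policy int, Policy: (EnableSecurebootCertificateUpdates), Area: (SecureBoot), EnrollmentID requesting set: (E7B9BC5A-5FBC-4BE9-BEA9-F520F9570CA9), Current User: (Device), Int: (0x5944), Enrollment Type: (0x6), Scope: (0x0), Result:(0x82B00006) Unknown Win32 Error code: 0x82b00006.",
    "MDM PolicyManager: Policy is rejected by licensing, Policy: (EnableSecurebootCertificateUpdates), Area: (SecureBoot), Result:(0x82B00006) Unknown Win32 Error code: 0x82b00006.",
]

# "Key: (value)" pairs; layout assumed from the three quoted lines.
FIELD = re.compile(r"([A-Za-z][A-Za-z ]*?):\s*\(([^()]*)\)")
CODE = re.compile(r"0x[0-9a-fA-F]{8}")


def parse_event(message):
    """Split one MDM message into component, summary, policy and result code."""
    component, _, rest = message.partition(": ")
    fields = dict(FIELD.findall(rest))
    policy = fields.get("Policy")
    if policy is None and "CSP URI" in fields:
        # ConfigurationManager lines only carry the CSP URI:
        # ./Device/Vendor/MSFT/Policy/Config/<Area>/<Policy>
        parts = fields["CSP URI"].split("/")
        fields["Area"], policy = parts[-2], parts[-1]
    code = CODE.search(fields.get("Result", ""))
    return {
        "component": component,
        "summary": re.split(r"[.,]", rest, maxsplit=1)[0],
        "policy": f"{fields.get('Area', '?')}/{policy}",
        # Normalise case so 0x82b00006 and 0x82B00006 group together.
        "code": "0x" + code.group(0)[2:].upper() if code else None,
    }


def triage(messages):
    """Group result codes per policy; mark policies with a licensing rejection."""
    report = {}
    for ev in map(parse_event, messages):
        if ev["code"] is None:
            continue
        entry = report.setdefault(
            ev["policy"], {"codes": set(), "events": 0, "licensing": False})
        entry["codes"].add(ev["code"])
        entry["events"] += 1
        entry["licensing"] |= "rejected by licensing" in ev["summary"]
    return report


if __name__ == "__main__":
    for policy, info in triage(SAMPLE_EVENTS).items():
        print(policy, sorted(info["codes"]), info["events"], info["licensing"])
```
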