Thanks for the link Nathan. I have looked at that page before. We don't use a proxy, but I'm leaning toward maybe the firewall has the same sort of issue. I haven't had a chance to go looking in firewall logs to see if any of the endpoints are mentioned yet. As the devices in question are logged into by generic accounts that don't have internet access, I'm guessing that is causing the problem. I'll look at that first. May need to get a job to our security company to let anonymous traffic through to the endpoints. The other alternative possibility that I found in the DA console, is that the logged in user must have an E3 365 license as well and I'm not positive they do as most are just display devices or single app web console type setups with no need for office. Need to look into that possibility as well. It might be just as easy to do all these separately as they shouldn't have much software anyway.

Based on previous experience, you'll definitely need to open up anonymous web traffic to the MS endpoints.

thanks Nathan, I'm following up with our security company to try and get the anonymous access sorted. will respond back here once I have more info.

Sounds good Paul cheers.

@Nathan Blasac 

We have the firewall rules in now and it made no difference to the devices with the message. "Can't connect to the Connected User Experience and Telemetry endpoint (Vortex). Check your network/proxy settings"

After inputting the firewall rules however, around 20 devices that were in a state of "Awaiting enrolment" for the past couple of months suddenly were configured correctly so it "may" have helped there.
We tested the alternate theory of assigning an E3 license to one of the devices temporarily and this resolved the issue overnight.
Findings
"Can't connect to the Connected User Experience and Telemetry endpoint (Vortex). Check your network/proxy settings" in our case had nothing to do with network or proxy config, for us it meant the user of the device hasn't been issued an E3/E5 license. (as per licensing costs on this page - https://docs.microsoft.com/en-us/mem/configmgr/desktop-analytics/overview ) opportunity for MS to improve DA there, a message indicating the lack of an appropriate license might be better than the current message.  

 

Rather than spending an extra $15k per year on licensing these consoles to get them registered in DA (about 8% of our fleet), I'll just export them to a collection and do a report of software to analyse manually. As they are only consoles, I doubt they'll have much past our base soe anyway.
thanks for your input.