Error after fresh start and pre-provisioned deployment

Copper Contributor

I have uploaded a couple of devices in AutoPilot. They have a profile with Allow pre-provisioned deployment enabled.

 

When I start with a new device I can use the Allow pre-provisioned deployment and the device will seal and a new user can use the device.

When a device has been enrolled and I use the Fresh start option, the device is being deleted from Intune. At that moment, when I do a pre-provisioned deployment, I get an error and a time-out at the "Registering your device for mobile management" step.

 

The only thing I can do is delete the AutoPilot record. Upload the device again and everything is working again.

 

I know that there was some communication about these steps and that some steps have been changed. I can't find them anymore. Or is there someone with a solution for this issue?

 

8 Replies
Fresh start without retaining the user data retains the local admin on the device; if you block the local admin in your Autopilot Profile you can run into issues. Not sure if this is happening, you did not mention if you retain the user data when you perform a Fresh Start, but it is certainly something to make sure you are not running into. See this resource: https://call4cloud.nl/2021/04/to-retire-or-not-to-wipe/ - check out part 6. Fresh Start.

I don't select the option to retain user data.

 

And I see the point about blocking the local admin account, but that is not the point. The local admin account isn't blocked.

Ok, and do you block the local admin option in the Autopilot Profile?
Yes, in the Autopilot profile the admin account is not selected but the normal user account. But in Intune I don't have a rule to block the local admin.
Ok, so the combination of Fresh Start and blocking the local admin is probably the cause of your issue. You can quickly check this by enabling the local admin in the profile and seeing if the issue persists.

Only in the AutoPilot profile I switched the option so that an enrolled device has a local user and not a local admin.
There are no other block policies.

 

And the error is something else than in the article.

Ok, but the blocking part is: if you are not allowing the local admin, it causes problems with the built-in local admin retained during Fresh Start. The behavior you are seeing is indeed different than described in the article, but I would definitely rule this out because behavior can change in different situations, but that is up to you of course.
Sebastiaan,

I appreciate your help.

I think I'll try it the other way. I made a rule to activate the local admin account in Intune. Perhaps on these new devices the account has been disabled.
I will try if this works.