BehnazH
Copper Contributor
Oct 13, 2024

How to solve the problem of enrolling devices in Intune

Hi everyone,

We are currently trying to enroll our Hybrid AD Joined devices into Intune. While the devices were successfully enrolled in Entra ID, some of them had been manually enrolled in another tenant in Intune previously and are now unable to enroll in the new tenant. Despite removing them from the previous tenant (including Entra ID and Intune), running (dsregcmd /leave) and (dsregcmd /join), and rebooting the devices, the MDM status in the Intune part of the dsregcmd tool remains "None," and the following error appears in the device's event log:

Auto MDM Enroll: Device Credential (0x0), Failed (Unknown Win32 Error code: 0xcaa70004)

All devices have Intune F1 licenses. Group policy registration as a device works fine, and SCP is configured through Azure-Entra Connect.

Has anyone encountered this issue, or do you have any suggestions?

Thanks in advance.

9 Replies

  • RingoSystems
    Copper Contributor

    BehnazH 

    Hello. I've encountered this problem before (it was a corporate divestiture where a line of business was sold). What I found that worked was to not just disable the object in the source tenant but also delete and scrub the object so that it wasn't even recoverable.

    Ringo

    • BehnazH
      Copper Contributor
      Thank you for your explanation. Can you explain this issue a little more? Do you mean uninstalling the device from our on-premises Active Directory domain and deleting the device object from the domain controller?
  • rahuljindal
    Bronze Contributor
    Any non-interactive sign-in failures in Entra against device management? Do you have a CA policy enforcing MFA for sign-ins?