Intune Autoenrollment - MDM User Scope Question

Copper Contributor

Hi

 

Have I missed something here, I have a test device classified as personal where the user is in scope for Azure ad Join, Is NOT part of the MDM user Scope and personal devices is blocked.

 

During OOBE I get an error when setting up the device for corporate use (80180014), which is due to the enrollment restrictions blocking personal devices as I can see the report in Intune.

 

However why is the device not trying to Join Azure AD only? As the user is not in scope for Auto MDM join, I was expecting the device to Azure AD join only, or is the OOBE configured to try and enroll to Intune irrespective of the Intune MDM scopes and Azure AD only join is only via Windows settings?

 

Thanks

James

2 Replies

Mmmm... when enrolling an existing device to aadj or aadr within windows and you have blocked personal device enrollments and the user is not in the mdm scope the device would just enroll into aadj or aadr without that error....

Just tried the same but this time from the oobe (windows 11) and started the azure ad join... and it just joined AAD without the error... so the same as with an existing device

 

 

Hi,

Thank you so much, bit of a strange one, I will give it another go in case the mdm scope change took a long time to replicate or something, will also try with win11 like you and will report back anyway so everyone knows:) thanks