Unable to change MDM scope to None. Reset not working

Iron Contributor



I hope someone can help, I've taken over administration of a tenant that used to have a free trail of Intune installed.  The trial has long since expired but I am now unable to AD Join any Windows PCs.  When I try to attempt a AD Join I get an error message that I don't have sufficient licenses.  I've tracked this down to a setting in AzureAD under "Mobility (MDM and MAM)" and I need to change Intune app user scope to None.  However when I got to this screen I get the following warning:


"The Intune app is enabled. Click here to reset the MDM and MAM scopes for Intune to None. It does not disable Intune app itself. For other MDM apps, please select Delete to remove them from your tenant."



I can click on the link and I get a confirmation notification that it has been successful:



However when I try and change the User scope it returns me to the same message above.


Is there anything I can do in PowerShell to maybe force this update?

Any help/pointers gratefully received.


12 Replies
Have you tried changing from the intune.microsoft.com portal?
I can login to it but I get a notification saying "You haven't enabled device management yet, click here to start". On other pages I get a mixture of 404 errors or permission denied, so it's safe to assume there are no live Intune licenses (which is correct).
Yes, so you will need the Intune Admin role and Intune license at a minimum to be able to made admin level changes in Intune.
I might have not explained properly but I am not using (or want to use) Intune, it was installed in the past but something is still configured in the background of Azure that is preventing me from joining devices to AzureAD

Couldnt you log into the azure portal and configure the intune app etc to none?
That's the bit that isn't working, when I go to that option I get the message telling me to click it to reset it. I do....it doesn't. :)

The issue may require intervention from Microsoft to fix it from their end against your tenant. You better off raising a support case with them.

Yeah, I already have one open but you know how slow MS support can be so I thought I'd ask the community to see if anyone had a magic wand.

@Rob Clarke 

Is there a way to do this without speaking to Microsoft as this appears to an issue for all tenants, regardless of pervious configurations.




ps 600 views say MS need to look at this.

I couldn't find a way, MS support was the only route for me
Thanks for coming back to me Rob,
I contacted MS support via my software reseller and before it got picked up this resolved itself.
So somewhere in between adding intune admin rights to my tenant GA and selecting the option from the entra / azure mdm panel this resolved itself.

Hi Rob Clarke,

This week one of my customers could not change the MDM user scope and WIP user scope. I had to contact Intune support.

This action plan resolved the issue (bug):
- Assign a Microsoft 365 license (i.e. a Microsoft Intune Plan 1 or Microsoft Business Premium license) to the Intune administrator (or Global administrator) and wait for 24 hours. Then try again to change the MDM user scope and WIP user scope.
- Let Intune support run a sync fix for the tenant.