User Profile
Simpuhl
Copper Contributor
Joined 3 years ago
User Widgets
Recent Discussions
Intune Enrollment Issues - Found a workaround but it doesn't make sense
Hello, I am curious if anybody else has this issue and knows a fix... Basically, we had a bunch of these devices that were originally in Intune and working fine. These were Enrolled into Intune via Group Policy. (Note: All devices get automatically converted to Autopilot devices also). These users eventually got terminated and the devices were removed from Active Directory. Later on, the business decided to re-use these devices. Some were reimaged via WDS, some were just re-added to the domain... long story short none of them will enroll into Intune. When I looked at the enrollment errors, I got the following error message: This device attempted to enroll via a method not allowed from the device's Autopilot profile. I thought it was interesting because we are not even trying to enroll it via Autopilot or even using it in this case as the device was never reset. I decided to delete a few of them from Autopilot just to see what would happen. Now I get a new error saying: This device can't be enrolled as a personal device while the platform is Blocked under Device Type Restrictions. Workaround: I eventually figured out that if you add someone as an "Enrollment manager", they can bypass this... so I had a tech sign into some of the devices and they enroll... They just need to switch the primary user back to the new user as it registers as themselves. What I am confused about is why is it working this way? It wasn't like this before. Should I allow Windows (MDM) personal devices to be enrolled? If so, how do I actually block true personal devices? These devices are in AD & Entra and those are the only "Windows" devices we want to be allowed to enroll into Intune, unless they are actually enrolled via Autopilot (resetting) of course. Also, using Autopilot does work and does enroll the devices without issues. What I haven't tested: Keeping the device in Autopilot and having an "Enrollment Manager" sign in