Device shows twice in Intune and Entra after upgrade, still not activating Enterprise
Hi everyone — I'm looking for advice on a device we're trying to onboard into Intune with proper licensing and Entra join. Background: I have a user whose device was: Originally on Windows 11 Home Manually upgraded to Pro using a generic key (unactivated) Then upgraded to Enterprise using a generic key Factory reset in an attempt to trigger proper OOBE and Entra join Current Problem: Now, we have two device records for the same machine in both Entra ID and Intune: One device is marked Entra registered (personal), showing Windows Pro The other is Entra joined (corporate), showing Windows Enterprise but still not activated (0xC004C003) The user is correctly signed in with their work account Device did not trigger the expected work/school OOBE flow Subscription activation is not completing What I've Tried: Factory reset and cleanup using slmgr /upk and systemreset -cleanpc E5 license is properly assigned Verified login during OOBE is using the correct organizational account Device shows as compliant and managed in Intune But Windows remains unactivated on Enterprise What I'm Wondering: Could the duplicate records (personal and corporate) be interfering with activation? Should I delete both and start fresh? Is there a better way to force clean OOBE + Entra join when recovering a Home device? Should I stop using generic product keys and let subscription activation take over? Any insight would be hugely appreciated — I'm in the middle of deploying Intune across 75 devices by the end of August. Thanks in advance!
Intune Alerts
I would like to create alerts in Intune to trigger for different events. For e.g. Device is enrolled in Intune. Device is encrypted/decrypted from bitlocker. Device is Enrolled Hybrid Entra Join Device is enrolled in Defender Intune policy, etc..... and all others. How can this be done and what licenses are required If any?
Intune bulk enrollment issue with package
Hello, We are encountering an issue while trying to enroll a device in Microsoft Intune within a Windows 10/11 workgroup environment. Using Windows Configuration Designer, we created a provisioning package for device enrollment. However, after executing the package on the device, we observe the following error in the Event Viewer under: Applications and Services Logs>Microsoft>Windows>DeviceManagement-Enterprise-Diagnostics-Provider>Admin: MDM ConfigurationManager: Command failure status. Configuration Source ID: (fb5b5ed2-b681-475c-bb21-c31762a5953d), Enrollment Name: (Provisioning), Provider Name: (AADJ), Command Type: (SetValue: from Replace), CSP URI: (./Vendor/MSFT/AADJ/BPRT), Result: (Unknown Win32 Error code: 0xcaa2000c). Additionally, when reviewing the Entra Audit logs, we notice that the device gets registered but is immediately unregistered. Could someone help us identify the root cause of this issue or suggest steps to resolve it? Thank youConditional Access Policy for Exchange
Hello Everyone, Previously, our on-premises Exchange was restricted to the internal network. After configuring HMA with Exchange Online, users can now authenticate and access their mailboxes from the Internet. We aim to enforce a conditional access policy to block Exchange access from the Internet for all users except a selected group. These selected users should only access Exchange from Intune-enrolled phones. During testing, a policy blocking a user from Exchange Online also prevented access from the internal network, likely due to the HMA setup. Could you provide guidance on addressing this? Thanks.
Moving to Microsoft Entra joined from Microsoft Entra Hybrid joined
We want to move to Microsoft Entra joined from Microsoft Entra Hybrid joined devices but are struggling to get password resets to work. Normally on our hybrid devices when we reset a password in either Entra ID or Active Directory the user can change their password on the login screen. But when we do the same on a Entra Joined device it says incorrect password. Is there something I'm missing or do Entra Joined devices not support password resets?
