System Center Configuration Manager
Device registration in Co-Management - Error 0x8018002b
Hi All,

I am a bit stumped, as we have been experiencing issues getting devices into the co-managed state correctly on several of our machines. We did extensive testing on this several months ago and successfully joined 10-15 machines before refocusing our efforts on building out our policies.

Machines are showing up in both EPM (Endpoint Manager) and AAD (Azure Active Directory) but have SCCM listed as the MDM authority in AAD.

Image 1, Source AAD

Image 2, Source EPM

Interestingly, on the users' devices the co-management status is set to 1 and we are unable to push apps such as the Company Portal down to the machine. This value is managed by the Co-Management sliders in SCCM and increases based on how much of the load is managed by Intune. Therefore, currently Intune is not managing the device at all, despite it showing up in Intune as Co-Managed. All test cases of this are part of the Pilot collection in SCCM and all sliders are set to Intune Pilot.

I have collected logs on all of the devices that have this issue and have noticed this error is present on all of them, and users are not getting the MFA prompt to set up Intune in the first instance.

"Auto MDM Enroll: Device Credential (0x0). Failed (Unknown Win32 Error code 0x8018002b)"

This leads me to believe that devices are using the incorrect credential (Device) to sign up for Microsoft EPM despite the following Policy.

I have tried the below solutions to no success:

Microsoft Solution: Troubleshooting Windows device enrolment problems in Microsoft Intune - Intune | Microsoft Docs

One of the following conditions should be the cause:
- UPN contains an unverified or non-routable domain, such as .local - Checked, @edu address used
- MDM user scope set to None - Checked, set to Some. User is in included group with licenses assigned

Community Solution: [SOLVED] Intune with AADJ - Cannot auto enrol - Azure Forum - Spiceworks
- Wait 12 hours… - Waited 48h, no change
- Ensure MDM enrolment Group Policy uses user credential, not device - Checked, see image of Policy above

It could be that I am missing something obvious, but I would appreciate help finding that component :).
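Added example, not part of the original post: a read-only PowerShell check for an affected client that shows which credential type the MDM auto-enrollment Group Policy has actually written locally, the device's join state, and the recent "Auto MDM Enroll" events quoted above. It assumes the standard policy registry location and the usual meaning of `UseAADCredentialType` (1 = user, 2 = device), and that it is run in an elevated session as the affected user.

```powershell
# Read-only diagnostics for MDM auto-enrollment on a co-managed client.
# Assumption: the auto-enrollment GPO writes its settings under this key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$credNames = @{ 1 = 'User Credential'; 2 = 'Device Credential' }

# 1. What the Group Policy actually delivered to this machine.
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if ($null -eq $policy) {
    Write-Output 'Policy key not present: the auto-enrollment GPO has not applied here.'
} else {
    $type = $policy.UseAADCredentialType
    if ($null -eq $type) {
        $label = 'not set'
    } elseif ($credNames.ContainsKey([int]$type)) {
        $label = $credNames[[int]$type]
    } else {
        $label = "unrecognised value $type"
    }
    [pscustomobject]@{
        AutoEnrollMDM         = $policy.AutoEnrollMDM
        UseAADCredentialType  = $type
        CredentialTypeMeaning = $label
    } | Format-List
}

# 2. Join state and whether the signed-in user holds a primary refresh token,
#    which user-credential enrollment depends on.
dsregcmd /status |
    Select-String -Pattern '^\s*(AzureAdJoined|DomainJoined|AzureAdPrt)\s*:'

# 3. Recent auto-enrollment attempts from the MDM diagnostics log, matched on
#    the message text quoted in the post rather than on specific event IDs.
$log = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
Get-WinEvent -LogName $log -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Auto MDM Enroll' } |
    Select-Object -First 10 TimeCreated, Id, Message |
    Format-List
```

Comparing the credential type reported in step 1 with the one named in the events from step 3 shows whether the enrollment attempts are coming from the Group Policy setting or from another source.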