question

aisecond-2443 avatar image
0 Votes"
aisecond-2443 asked vipulsparsh-MSFT commented

On-premises authentication device enrollment failure

8974-2771590656090-pic-hd.jpg


After we configured the MDM discovery URL of the On-premises MDM application in azure portal, and then tried to "join this device to Azure Active Directory" we got the error message above. We have completed the MDM discovery URL according to this, but did not receive any request when registering the Windows10 device. Can you help us solve this error?


azure-active-directory
2771590656090-pic-hd.jpg (33.3 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

3 Answers

vipulsparsh-MSFT avatar image
1 Vote"
vipulsparsh-MSFT answered

@aisecond-2443 It seems you have your own on-premises MDM server where you are trying to enroll your devices. Looking at the error message the service seems to be looking for the Terms Of use URL, can you confirm if you on-prem MDM server has a correct TOU URL. For Intune it is something like this :

8975-tou-url-intune.jpg



tou-url-intune.jpg (54.9 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

aisecond-2443 avatar image
0 Votes"
aisecond-2443 answered aisecond-2443 edited

@VipulSparsh-MSFT Thank you for your reply. If I set intunen's MDM discovery URL here, then this error will not occur. So this should be the wrong MDM discovery URL of our service. But how should we provide a url to register the device. We used to follow the documentation here.The URL provided by our service is https://uitest.safeuem.com/windows/Enrollmentserver/Discovery.svc
The response data is like this
9122-hmsu5igvpohi23qdeg.png

We don’t know what went wrong. Howrad told us that we need to create a resource app and client app on Azure Active Direcroty to complete the verification process.
We want to develop our own MDM service to manage Windows 10 devices. Are there detailed development documents and operation guides to help us?



hmsu5igvpohi23qdeg.png (72.7 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

vipulsparsh-MSFT avatar image
0 Votes"
vipulsparsh-MSFT answered vipulsparsh-MSFT commented

@aisecond-2443 Yes, we do have an article for adding an On-prem MDM app to Azure AD. You can have a look here



Let me know if you have any questions.


If the suggested response helped you resolve your issue, do click on "Mark as Answer" and "Up-Vote" for the answer that helped you for benefit of the community.

· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

aisecond-2443 avatar image aisecond-2443 ·

@vipulsparsh-MSFT Thank you for your reply, but I think the article is not detailed enough. After reading this article, I still don't know how to develop my own MDM service. If you have extra time, can you answer this question?


0 Votes 0 ·
vipulsparsh-MSFT avatar image vipulsparsh-MSFT aisecond-2443 ·

@aisecond-2443 I understand your scenario, this would be a deep discussion to go through your existing setup and understand your current blockers. We will have to take this offline.

Can you please drop me an email at azcommunity[at]microsoft[dot]com with Subject "Attn - Vipul" and with following information :

TenantId, SubscriptionID

I will take it forward offline, Thanks.






0 Votes 0 ·