TomAlbrechtsen-5844 asked LuDaiMSFT-0289 commented

MDM Enrollment

I am new to Endpoint and have hit a wall with a few things. I have been able to add some of our company's devices into Endpoint by going through Account --> Access work or school --> Enroll in Endpoint. This has worked with a handful of devices, but others are not allowing enrollment. I have tried to find why this is the case; what I have found is that these devices need to be changed from Azure AD registered to Azure AD joined. Is there an easy way to do this that will minimize the disruption for each user? I am also confused by this, as I have one device that was successfully enrolled in Endpoint even though the Join Type is Azure AD registered. Do the devices need to be Azure AD joined?

My last question is, is there a simple way to enroll the devices that are in Azure AD into Endpoint?

mem-intune-enrollment

LuDaiMSFT-0289 answered LuDaiMSFT-0289 edited

@TomAlbrechtsen-5844 Thanks for posting in our Q&A.

To clarify this issue, we appreciate your help to explain some information clearly:
1. Did you enroll new devices in Intune, or enroll devices that already existed in Azure AD in Intune?
2. Did you want to make the device join type "Azure AD joined"?

In fact, "Azure AD registered" devices and "Azure AD joined" devices can both be enrolled in Intune.

If the device is new and not in the Azure AD portal, please refer to the following action to enroll:
1. Please configure automatic MDM enrollment. Set MDM user scope to "ALL" in Devices > Windows enrollment > Automatic Enrollment in the Intune portal.

2. If you enter the account in Access work or school directly, the device will be enrolled in Intune and shows "Azure AD registered".
If you click "Join this device to Azure AD" and then enter the account, the device will be enrolled in Intune and shows "Azure AD joined".

If the device already exists in the Azure AD portal, it is suggested to try clicking "connect" in Access work or school and entering the account again. Then check if the device is enrolled in Intune. If the device is not enrolled in Intune, it is necessary to delete the device in the Azure AD portal and then re-enroll the device (refer to the steps for enrolling a new device).

Hope the above information will help.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
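
Added example, not part of the thread: a PowerShell function that reads `dsregcmd /status` output on a device and reports whether it is Azure AD joined or registered and whether an MDM URL was issued, the two states the answer above distinguishes. The function name `Get-JoinState` and the sample text are constructed for illustration; `AzureAdJoined`, `WorkplaceJoined` and `MdmUrl` are fields that `dsregcmd` prints.

```powershell
function Get-JoinState {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    # dsregcmd prints "Name : Value" pairs; collect them into a hashtable.
    # Section banners ("| Device State |", "+-----+") do not match and are skipped.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    # AzureAdJoined = YES   -> shown in the portal as "Azure AD joined"
    # WorkplaceJoined = YES -> shown in the portal as "Azure AD registered"
    $joinType = if ($fields['AzureAdJoined'] -eq 'YES') {
        'Azure AD joined'
    } elseif ($fields['WorkplaceJoined'] -eq 'YES') {
        'Azure AD registered'
    } else {
        'Not connected to Azure AD'
    }

    # An empty MdmUrl suggests the MDM user scope did not apply to this user
    # when the device connected, so no automatic enrollment was attempted.
    [pscustomobject]@{
        JoinType      = $joinType
        MdmUrlPresent = -not [string]::IsNullOrWhiteSpace($fields['MdmUrl'])
        MdmUrl        = $fields['MdmUrl']
    }
}

# Constructed sample: a registered device that never received an MDM URL.
$sample = @'
| Device State |
AzureAdJoined : NO
DomainJoined : NO
| User State |
WorkplaceJoined : YES
| Tenant Details |
MdmUrl :
'@ -split '\r?\n'

Get-JoinState -StatusLines $sample

# On a real device, feed the live output instead:
#   Get-JoinState -StatusLines (dsregcmd /status)
```

Running this on each device that rejects enrollment shows which of them are registered rather than joined, and which connected without an MDM URL.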




TomAlbrechtsen-5844 answered LuDaiMSFT-0289 commented

@LuDaiMSFT-0289
Thanks for the response. I'll answer your questions.

  1. The devices already exist in Azure AD. The goal is to get the devices that are already in Azure AD into Intune.

  2. I want the devices to be Azure AD Joined. My confusion was that I had read that only Joined and not Registered devices could be enrolled in Intune, however I have devices of each type in my Intune.

  3. I have about 15/25 devices into Intune, the rest are giving the error that "Your device is already connected to your organization. You don't have enough privileges to perform this operation. Please talk to your admin." So to clarify that point, I need to go in and remove the device from Azure and then re-join the device using the steps you provided?

Thanks again for the response.




@TomAlbrechtsen-5844 Thanks for your quick update. From the error message, it seems that the device is already managed. Based on my experience, it is better to exclude other factors before enrolling the device in Intune.

So, it is suggested to take the following actions:
1. Please make sure the device is not in the Azure AD portal or the Intune portal. If the device exists, please remove it.
2. Make sure MDM user scope is set to "ALL" and MAM user scope to "None" in Devices > Windows enrollment > Automatic Enrollment in the Intune portal.
3. Join the device in work or school account.

Then check if the device is enrolled in Intune successfully.

If there is any update, feel free to let us know.


@TomAlbrechtsen-5844 I am currently standing by for further update from you and would like to know how things are going. If you have any questions or concerns on the recent information I've provided you, please don't hesitate to let me know.

TomAlbrechtsen-5844 answered

@LuDaiMSFT-0289 Thanks for the response. I will try those steps. Why are these steps required? All of the devices that have successfully enrolled in Intune have also been in Azure AD portal, but these few devices are rejecting enrollment in Intune for some reason.


LuDaiMSFT-0289 answered LuDaiMSFT-0289 commented

@TomAlbrechtsen-5844 Based on my experience, if we try these steps to enroll devices, there is no error. Generally, some reasons will make the enrollment fail:
1. There are some old records about the devices in the Intune or Azure AD portal.
2. Automatic enrollment is not set.
3. The version of the device is not supported.
4. There are some enrollment restrictions limiting the device, for example a limit on the number of devices.
So, we usually check these one by one in the troubleshooting process.

It occurred to me that you have about 15/25 devices in Intune; it may be that there is a limit on the number of devices.




@TomAlbrechtsen-5844 I haven't heard from you for some time. I am currently standing by for a further update from you and would like to know how things are going. If the answer is helpful to you, please accept it. It will help someone who has a similar issue in the future find the correct direction easily.

If you have any questions or concerns on the recent information I've provided you, please don't hesitate to let me know.
