17457604 asked vipulsparsh-MSFT answered

AAD issues about using MDM, enrollment and appx deployment

Hi guys,

I am an MDM service provider, and I have encountered some issues during development using AAD and the MDM module.

1. As far as I know, if the devices have joined AAD before, the owners have to disconnect from their AAD first, before they can enroll their devices into our server via AAD.
Is there a way to simplify this process, so that the owners don't have to do the disconnection and enroll again?

2. While deploying an APPX package via MDM, we found out that several versions of Win 10 devices can't implement the installation; only these 4 versions are supported (2004, 20H2, 21H1, 21H2).
Is this a defect of the MDM APPX deployment?

3. When we deploy the APPX via MDM, it usually takes several minutes to finish the sync before the device starts the installation, but sometimes it can take more than 30 minutes to sync.
Is there a maximum waiting time before the sync?

4. Sometimes when we join an AAD, the account does not appear on the "School or work" page, but on the "Other account" page.
Is this common? Is there any difference between "School or work" and "Other account"?

That would be all, thanks everyone.

azure-active-directory

1 Answer

vipulsparsh-MSFT answered

@17457604 Thanks for reaching out. If I understand you correctly, you have a few questions regarding third-party MDM behavior with Azure AD and Windows 10.
I will try to answer them in similar points.

1) That should not be the case where users have to remove the device from Azure AD and then attempt enrollment.
This article talks further about MDM and Azure AD integration: https://docs.microsoft.com/en-us/windows/client-management/mdm/azure-active-directory-integration-with-mdm#integrated-mdm-enrollment-and-ux
Also, the MDM endpoints involved in Azure AD integrated enrollment: https://docs.microsoft.com/en-us/windows/client-management/mdm/azure-active-directory-integration-with-mdm#mdm-endpoints-involved-in-azure-adintegrated-enrollment


2) Appx package installation depends on Windows architecture. The behavior should be the same whether you install the package directly or via MDM.


3) It should not take that much time, but the whole process should be listed under Event Viewer. You can track that to see what the device is doing during that time.
Applications and Services Logs/Microsoft/Windows/DeviceManagement-Enterprise-Diagnostics-Provider/Admin

4) If you have added the work account to the device, it should be reflected under the "School or Work" account option. Other accounts are for Microsoft accounts like hotmail.com, outlook.com. Also make sure that the users do not have the same email address for their work account and Microsoft account, as that might result in the same issue. https://support.microsoft.com/en-us/office/which-account-do-you-want-to-use-2b5bbd7a-7df6-4283-beff-8015e28eb7b9



Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
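
For point 3, one way to see where the sync time goes is to look for long quiet periods in the log the answer points to. This is an added example, not part of the original answer: `Get-MdmLogGap` is a hypothetical helper name, the sample events are constructed placeholders, and the channel name is the Event Viewer path above written in the form `Get-WinEvent` expects.

```powershell
# Event Viewer path from the answer, as a Get-WinEvent channel name.
$LogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'

function Get-MdmLogGap {
    # Hypothetical helper: returns each pair of consecutive events that are
    # more than $ThresholdMinutes apart, with the event that ended the gap.
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $ThresholdMinutes = 10
    )
    $sorted = @($Events | Sort-Object TimeCreated)
    for ($i = 1; $i -lt $sorted.Count; $i++) {
        $gap = $sorted[$i].TimeCreated - $sorted[$i - 1].TimeCreated
        if ($gap.TotalMinutes -gt $ThresholdMinutes) {
            [pscustomobject]@{
                QuietFrom   = $sorted[$i - 1].TimeCreated
                QuietUntil  = $sorted[$i].TimeCreated
                Minutes     = [math]::Round($gap.TotalMinutes, 1)
                ResumedById = $sorted[$i].Id
                ResumedBy   = $sorted[$i].Message
            }
        }
    }
}

# Constructed sample events: IDs and messages are placeholders, not real log output.
$t0 = Get-Date '2022-01-10T09:00:00'
$sample = @(
    [pscustomobject]@{ TimeCreated = $t0;                Id = 1; Message = 'constructed: policy pushed' }
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(2);  Id = 2; Message = 'constructed: session ended' }
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(37); Id = 3; Message = 'constructed: session started' }
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(38); Id = 4; Message = 'constructed: app install begun' }
)
# Reports one gap of 35 minutes, ended by the constructed event with Id 3.
Get-MdmLogGap -Events $sample -ThresholdMinutes 10 | Format-Table -AutoSize

# On an enrolled device (elevated prompt), feed it the real log instead:
# $live = Get-WinEvent -FilterHashtable @{ LogName = $LogName
#             StartTime = (Get-Date).AddHours(-2) } -ErrorAction SilentlyContinue
# Get-MdmLogGap -Events $live
# $live | Where-Object LevelDisplayName -in 'Error', 'Warning' |
#     Select-Object TimeCreated, Id, Message
```

A gap that lines up with the reported 30-minute delay shows the device was simply not in a management session during that time, while errors or warnings inside the window point to a failing step instead.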