Diagnose MDM enrollment

Link: https://learn.microsoft.com/en-us/windows/client-management/mdm-diagnose-enrollment

Verify autoenrollment requirements and settings

    1. Verify that the user who is going to enroll the device has a valid Intune license.

    2. Verify that autoenrollment is activated for those users who are going to enroll the devices into Mobile Device Management (MDM) with Intune.

    3. Verify that the device is running a supported version of Windows.

    4. Autoenrollment into Intune via Group Policy is valid only for devices that are Microsoft Entra hybrid joined.

    5. When using group policy for enrollment, verify that the Enable Automatic MDM enrollment using default Microsoft Entra credentials group policy (Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM) is properly deployed to all devices.

Troubleshoot group policy enrollment

    1. Navigate to Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider > Admin.
    2. Search for event ID 75 (76), which represents a successful autoenrollment.
    3. The autoenrollment process is triggered by a scheduled task (Microsoft > Windows > EnterpriseMgmt) in Task Scheduler.
    4. This task runs every 5 minutes for the duration of one day. To confirm whether the task succeeded, check the Task Scheduler event logs: Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational. Look for an entry showing that the scheduled task created by the enrollment client for automatically enrolling in MDM from Microsoft Entra ID was triggered (event ID 107).
    5. The task scheduler log displays event ID 102 (task completed) regardless of the autoenrollment success or failure. 
    6. One frequently seen error is related to outdated enrollment entries in the registry on the target client device (HKLM > Software > Microsoft > Enrollments). If a device has been enrolled (with any MDM solution, not only Intune), some enrollment information added to the registry can be seen there.
    7. A resolution to this issue is to remove the registry key manually. If you don't know which registry key to remove, go for the key that displays the most entries. All other keys display fewer entries.
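
The checks from steps 1 to 7 above, gathered into one read-only PowerShell script (an added example, not part of the original page or of Microsoft's documentation). The channel names are the full names of the two logs given in steps 1 and 4, and the one-day look-back is an assumption; the script only lists the Enrollments keys and deletes nothing.

```powershell
# Added example: read-only diagnostics. Run in an elevated PowerShell session on the client.
$mdmLog  = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostic-Provider/Admin'
$taskLog = 'Microsoft-Windows-TaskScheduler/Operational'
$since   = (Get-Date).AddDays(-1)   # assumption: look back one day

# Step 2: autoenrollment events (IDs 75 and 76) in the MDM Admin log.
$enroll = Get-WinEvent -FilterHashtable @{ LogName = $mdmLog; Id = 75, 76; StartTime = $since } `
    -ErrorAction SilentlyContinue
if ($enroll) {
    $enroll | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List
} else {
    Write-Warning "No event ID 75/76 found in $mdmLog since $since."
}

# Steps 3-5: trigger (107) and completion (102) events for the EnterpriseMgmt task.
# Event 102 is logged whether or not enrollment worked, so it is shown only to
# confirm that the task ran; the result comes from the MDM log above.
$taskEvents = Get-WinEvent -FilterHashtable @{ LogName = $taskLog; Id = 107, 102; StartTime = $since } `
    -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*EnterpriseMgmt*' }
if ($taskEvents) {
    $taskEvents | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, Message | Format-Table -Wrap
} else {
    # The Operational channel may be disabled on the device, which also gives no results.
    Write-Warning "No EnterpriseMgmt task events (107/102) found in $taskLog since $since."
}

# Steps 6-7: list the keys under Enrollments with their entry counts, largest first,
# so the key with the most entries is at the top. Nothing is removed here.
$enrollRoot = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
if (Test-Path $enrollRoot) {
    Get-ChildItem $enrollRoot -ErrorAction SilentlyContinue |
        Select-Object @{ Name = 'Key'; Expression = { $_.PSChildName } }, ValueCount, SubKeyCount |
        Sort-Object ValueCount -Descending |
        Format-Table -AutoSize
} else {
    Write-Warning "$enrollRoot does not exist on this device."
}
```

Export a candidate key with `reg export` before removing it manually, so the change from step 7 can be reverted.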
