2,099 questions
Is the device successfully hybrid joined? Any CA policy implemented requiring MFA in the background? Have you checked the user sign-in logs in Entra ID?
Intune enrollment via GPO
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 32%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
srinivas Pasupuleti100
60
Reputation points
Hello,
We have Entra hybrid joined devices and i tried to enroll devices into intune via GPO,it is assigned to the OU in AD.It was successfully applied to users.It is enable for auto enrollment type is user credential.
User has intune license and Microsoft 365 business basic license.And my organization tenant has Entra ID p2 license.IS user require Entra ID p2 license or tenant Entra ID p2 license is enough.
And In Intune Automatic enrollment set to All
In task scheduler-->microsoft-->windows->Enterprisemgmt -->showing as above screenshot.It showing access denied.
In Event viewer -->application logs-->microsoft-->windows->Task scheduler->operational-->it shows as error below screenshot
Microsoft Security | Intune | Configuration
Microsoft Security | Intune | Enrollment
1,510 questions
Microsoft Security | Intune | Other
5,571 questions
{count} votes
-
Rahul Jindal 10,911 Reputation points2024-07-24T16:07:47.6066667+00:00 What does it say under Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
-
srinivas Pasupuleti100 60 Reputation points
2024-07-24T16:12:29.9+00:00 Please find the snap
And also event id showing for one user 76,90
And another user it shows event id 256,2545
Sign in to comment
3 answers
Sort by: Most helpful
-
Rahul Jindal 10,911 Reputation points
2024-07-24T16:18:57.5866667+00:00 -
srinivas Pasupuleti100 60 Reputation points
2024-07-24T16:23:35.7266667+00:00 Device showing Azure AD joined:yes when i run dsregcmd/status in cmd.
I checked the CA policy it was not requiring MFA for authentication.
-
Rahul Jindal 10,911 Reputation points
2024-07-24T16:36:47.55+00:00 Thanks, but does the device show up in Entra ID as hybrid joined? Also, was the device ever managed by a non MS MDM provider?
-
srinivas Pasupuleti100 60 Reputation points
2024-07-24T16:39:31.82+00:00 Actually it was before domain joined + entra registered(Microsoft Intune ) as BYOD device so we planned to Entra hybrid joined to make COD device.
Sign in to comment -
-
Rahul Jindal 10,911 Reputation points
2024-07-24T16:41:47.82+00:00 That explains a lot. Did you delete the Intune enrolment for the device object showing as Entra registered first?
-
srinivas Pasupuleti100 60 Reputation points
2024-07-24T16:46:58.3033333+00:00 I retired the device from Intune and then enrolled to entra hybrid joined.
Actually i tried to entr hybrid joined+ Intune via GPO in 4 devices 2 devices successfully enrolled to intune .first two users has intune+ Microsoft 365 E5 license successfully enrolled.
another 2 devices showing error as above screenshots. this users has Intune+ microsoft 365 business basic license
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Crystal-MSFT 53,991 Reputation points Microsoft External Staff2024-07-25T01:34:30.59+00:00 @srinivas Pasupuleti100, Thanks for posting in Q&A. From your description, I know the two affected users are with Microsoft Intune and Microsoft 365 business basic license. Based on my checking Microsoft 365 business basic doesn't include Microsoft Entra Premium license.
https://learn.microsoft.com/en-us/entra/fundamentals/licensing#entra-licensing-options
For GPO enrollment, auto-enrollment is needed to be enabled
To enable auto-enrollment, Microsoft Entra ID P1 or P2 is needed.
https://learn.microsoft.com/en-us/mem/intune/enrollment/quickstart-setup-auto-enrollment
For the affected users, it misses this license. Then it can cause failure. Please assign the license to see if it can be working.
Please try the above suggestion and if there's any update, feel free to let us know,
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
-
Crystal-MSFT 53,991 Reputation points Microsoft External Staff
2024-07-29T02:02:19.7433333+00:00 @srinivas Pasupuleti100, How's everything going? if there's any update, feel free to let us know.
-
srinivas Pasupuleti100 60 Reputation points
2024-07-29T02:59:08.37+00:00 Hi I applied Microsoft 365 E3 license to the user.but devices not joining intune.
-
Crystal-MSFT 53,991 Reputation points Microsoft External Staff
2024-07-29T04:56:45.6833333+00:00 @srinivas Pasupuleti100, Thanks for the reply. After we apply the license to the user, please ensure the user is still sign in the device. And then check the event log under Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider > Admin to see what the new error for the enrollment is.
-
srinivas Pasupuleti100 60 Reputation points
2024-07-29T05:28:22.0866667+00:00 -
Crystal-MSFT 53,991 Reputation points Microsoft External Staff
2024-07-29T05:53:30.9533333+00:00 @srinivas Pasupuleti100,, I notice this is an information log. Is there any error with enrollment?
Sign in to comment -