![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 77%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENI%3C/text%3E%3C/svg%3E)
1,508 questions
Hello,
If your Hybrid Azure AD Join device is not auto-enrolling into Intune via Group Policy, follow these steps:
- Verify Auto-Enrollment Policy:
- Open Group Policy Management Editor → Navigate to:
Computer`` Configuration > Policies > Administrative Templates > Windows Components > MDM- Enable "Enable automatic MDM enrollment using default Azure AD credentials" and set it to User Credential.
- Open Group Policy Management Editor → Navigate to:
- Check Azure AD PRT Status:
- Run:
dsregcmd /status - If AzureADPRT = No, verify that:
-
- The device is properly Hybrid Joined in Azure AD > Devices.
-
- Seamless SSO is enabled for AAD Connect.
-
- The device has internet access to Microsoft endpoints.
-
- The user is signing in with a Hybrid Azure AD Joined account.
- Run:
- Force Enrollment Sync & Reboot:
- Run:
gpupdate /force- Reboot the machine and check Event Viewer > Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider for errors.
- Run:
If the issue persists, ensure the Intune MDM enrollment settings allow auto-enrollment for Hybrid Joined devices under Azure AD > Mobility (MDM & MAM).
✨ Please Upvote and Accept the Answer if it helps! ✨
Thanks & Regards,
Tasadduq Burney
(Microsoft MVP & MCT)
(Azure 15x)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)