Following up. The issue appears to be that the MDM cert in the local store is corrupted so they can't join. This https://github.com/AdamGrossTX/Toolbox/blob/master/Intune/Intune-UnHybridJoin.ps1 script somewhat addresses the problem, but needs some tweaking for our environment. I still don't have an answer as to why this is happening; at the moment I just have the fix.
Co-Managed devices not auto-enrolling in Intune
Hi,
We are co-managing a pilot group of devices in Intune. All devices are automatically hybrid-joined to Azure and all show up fine there. I have Automatic enrollment in Intune enabled for a Pilot collection in MEMCM and most devices are enrolling as they get added to that collection. Unfortunately, dozens of devices are not. I have compared dsregcmd /status output from failing and working machines and they are identical. The user accounts on those machines appear to be properly licensed and there are "Device is enrolled" and "device is provisioned" entries in the comanagementHandler log. I'm not sure how to proceed or where else to look, so any troubleshooting help is greatly appreciated.
Thanks
3 answers
Simon Ren-MSFT 35,386 Reputation points Microsoft Vendor
2024-07-16T11:19:33.34+00:00
Hi,
Thank you for posting in Microsoft Q&A forum.
1. Here are some good guides to troubleshoot co-management auto-enroll failure:
Support Tip: Understanding auto enrollment in a co-managed environment
Troubleshoot co-management: Auto-enroll existing Configuration Manager-managed devices into Intune
2. You can also try checking the event logs below to see if there is any further information:
Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin log
Applications and Services Logs > Microsoft > Windows > User Device Registration > Admin log
Thanks for your time. Have a nice day!
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
-
Simon Ren-MSFT 35,386 Reputation points Microsoft Vendor
2024-07-29T08:24:09.9266667+00:00
Hi @John Biggston,
Thanks very much for your feedback and sharing. We're glad that you found the fix. It's appreciated that you could click "Accept Answer" to the helpful reply, this will help other users to search for useful information more quickly. Here's a short summary for the problem.
Problem/Symptom:
Some co-managed devices are not auto-enrolling in Intune, but most other devices are auto-enrolling well.
Solution/Workaround:
The issue appears to be that the MDM cert in the local store is corrupted so they can't join.
This https://github.com/AdamGrossTX/Toolbox/blob/master/Intune/Intune-UnHybridJoin.ps1 script somewhat addresses the problem, but needs some tweaking for the special environment.
Reference:
https://github.com/AdamGrossTX/Toolbox/blob/master/Intune/Intune-UnHybridJoin.ps1
Thanks again for your time. Have a nice day!
Best regards,
Simon
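The checks this thread points to (the two event logs and the MDM certificate in the local machine store), gathered into one read-only PowerShell report. This is an added example, not code from the thread or from the linked script; the issuer string, the 7-day window and the certificate health heuristics are assumptions.

```powershell
# Added example: read-only enrollment triage. Run elevated on a failing device
# and on a working one, then compare the two reports.
# Assumptions (not from the thread): the issuer string, the 7-day look-back,
# and treating "no private key" or "outside validity period" as signs of a bad cert.
$IssuerPattern = 'Microsoft Intune MDM Device CA'   # assumed issuer of the MDM device cert
$Since         = (Get-Date).AddDays(-7)
$Now           = Get-Date

# 1. Join state as reported by dsregcmd (same fields compared in the question)
$joinState = dsregcmd /status |
    Select-String -Pattern 'AzureAdJoined|DomainJoined|TenantId|MdmUrl' |
    ForEach-Object { $_.Line.Trim() }

# 2. MDM certificate(s) in the local machine store, with basic health flags
$mdmCerts = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -match $IssuerPattern } |
    Select-Object Thumbprint, Subject, NotBefore, NotAfter, HasPrivateKey,
        @{ Name = 'InValidityPeriod'
           Expression = { $_.NotBefore -le $Now -and $_.NotAfter -ge $Now } }

# 3. Errors (level 2) and warnings (level 3) from the two logs named in the answer
$logNames = @(
    'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin',
    'Microsoft-Windows-User Device Registration/Admin'
)
$events = foreach ($log in $logNames) {
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3; StartTime = $Since } `
                 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, LogName, Id, LevelDisplayName,
            @{ Name = 'FirstLine'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

# 4. One object per device, easy to export or diff between machines
[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    JoinState      = $joinState
    MdmCertCount   = @($mdmCerts).Count
    SuspectCerts   = @($mdmCerts | Where-Object { -not $_.HasPrivateKey -or -not $_.InValidityPeriod })
    MdmCerts       = $mdmCerts
    RecentFailures = $events | Sort-Object TimeCreated -Descending
}
```

A device with no matching certificate, or with entries in `SuspectCerts`, alongside enrollment errors in the first log, is a candidate for the certificate problem described in the accepted summary.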