Co-Managed devices not auto-enrolling in Intune

John Biggston 106 Reputation points
2024-07-15T18:53:31.96+00:00

Hi,

We are co-managing a pilot group of devices in Intune. All devices are automatically hybrid-joined to Azure and all show up fine there. I have Automatic enrollment in Intune enabled for a Pilot collection in MEMCM and most devices are enrolling as they get added to that collection; unfortunately, dozens of devices are not. I have compared dsregcmd /status output from failing and working machines and they are identical. The user accounts on those machines appear to be properly licensed and there are "Device is enrolled" and "device is provisioned" entries in the comanagementHandler log. I'm not sure how to proceed or where else to look, so any troubleshooting help is greatly appreciated.

Thanks


3 answers

  1. John Biggston 106 Reputation points
    2024-07-25T14:48:32.8033333+00:00

    Following up. The issue appears to be that the MDM cert in the local store is corrupted so they can't join. This https://github.com/AdamGrossTX/Toolbox/blob/master/Intune/Intune-UnHybridJoin.ps1 script somewhat addresses the problem, but needs some tweaking for our environment. I still don't have an answer as to why this is happening; at the moment I just have the fix.

    1 person found this answer helpful.

  2. Simon Ren-MSFT 35,386 Reputation points Microsoft Vendor
    2024-07-16T11:19:33.34+00:00

    Hi,

    Thank you for posting in Microsoft Q&A forum.

    1. Here are some good guides for troubleshooting co-management auto-enroll failures:

    Support Tip: Understanding auto enrollment in a co-managed environment

    Troubleshoot co-management: Auto-enroll existing Configuration Manager-managed devices into Intune

    2. You can also check the event logs below to see if there is any further information:

    Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin log

    Applications and Services Logs > Microsoft > Windows > User Device Registration > Admin log

    Thanks for your time. Have a nice day!

    Best regards,

    Simon



  3. Simon Ren-MSFT 35,386 Reputation points Microsoft Vendor
    2024-07-29T08:24:09.9266667+00:00

    Hi @John Biggston,

    Thanks very much for your feedback and sharing. We're glad that you found the fix. We would appreciate it if you could click "Accept Answer" on the helpful reply; this will help other users find useful information more quickly. Here's a short summary of the problem.

    Problem/Symptom:

    Some co-managed devices are not auto-enrolling in Intune, but most other devices are auto-enrolling well.

    Solution/Workaround:

    The issue appears to be that the MDM cert in the local store is corrupted so they can't join.

    This https://github.com/AdamGrossTX/Toolbox/blob/master/Intune/Intune-UnHybridJoin.ps1 script somewhat addresses the problem, but needs some tweaking for the special environment.

    Reference:

    https://github.com/AdamGrossTX/Toolbox/blob/master/Intune/Intune-UnHybridJoin.ps1

    co-managed

    Thanks again for your time. Have a nice day!

    Best regards,

    Simon


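A read-only triage sketch covering the two checks raised in this thread, the event logs from answer 2 and the MDM certificate from answer 1. It is an added example, not code from the thread or from the linked Intune-UnHybridJoin.ps1 script. Assumptions: the channel names behind the two Event Viewer paths, the issuer string "Microsoft Intune MDM Device CA", the 7-day window, the hypothetical function name `Get-EnrollmentTriage`, and the private-key test as one possible sign of a damaged certificate (the thread does not say how the certificate was corrupted).

```powershell
# Added example: read-only enrollment triage. Run from an elevated prompt.
# Nothing here modifies the device, its certificates or its enrollment state.
function Get-EnrollmentTriage {
    param([int]$Days = 7)   # look-back window (assumption)

    # Channels behind the two Event Viewer paths named in answer 2.
    $channels = @(
        'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin',
        'Microsoft-Windows-User Device Registration/Admin'
    )
    $events = foreach ($c in $channels) {
        # Level 1-3 = Critical, Error, Warning. A channel with no matches is skipped quietly.
        $filter = @{ LogName = $c; Level = 1, 2, 3; StartTime = (Get-Date).AddDays(-$Days) }
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, LogName, Id, LevelDisplayName,
                @{ n = 'FirstLine'; e = { ("$($_.Message)" -split "`r?`n")[0] } }
    }

    # MDM device certificate: LocalMachine\My plus issuer name are assumptions.
    $certs = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Issuer -like '*Microsoft Intune MDM Device CA*' }
    $certReport = foreach ($cert in $certs) {
        $keyUsable = $false
        if ($cert.HasPrivateKey) {
            try {
                # Opening the key fails when the cert points at a missing or damaged key container.
                $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
                $keyUsable = $null -ne $key
            } catch { $keyUsable = $false }
        }
        [pscustomobject]@{
            Thumbprint       = $cert.Thumbprint
            NotBefore        = $cert.NotBefore
            NotAfter         = $cert.NotAfter
            Expired          = $cert.NotAfter -lt (Get-Date)
            HasPrivateKey    = $cert.HasPrivateKey
            PrivateKeyUsable = $keyUsable
        }
    }
    [pscustomobject]@{ Events = @($events); Certificates = @($certReport) }
}

$r = Get-EnrollmentTriage
$r.Certificates | Format-Table -AutoSize      # empty output: no MDM certificate found
$r.Events | Sort-Object TimeCreated -Descending | Select-Object -First 20 | Format-List
```

Comparing this output between an enrolling device and a failing one narrows the difference to a certificate problem or to a specific logged error before any remediation script is run.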
