Device shows in Intune as Azure AD Joined but MDM is NONE

Question

Device shows in Intune as Azure AD Joined but MDM is NONE

Seb Z 1

As in the subject.

How can I add it back so it's managed by Intune?

We only have Azure AD.

Thanks!

Rafique Zaman 0 Reputation points

2024-01-26T10:17:48.7766667+00:00

Device is domain joined, and Azure joined issue not showing in intune: Solution: Logon onto device (laptop) as domain administrator> settings >Access work or school You will find existing account AD domian joint; use the "connect", the account you use here will have device enrollment managers assigned, for MDM server enter "EnterpriseEnrollment-s.manage.microsoft.com" ( please refer to your intune tenant intune.microsoft.com to assign device enrollment managers https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-manager-enroll

devices > enroll devices> device enrollment managers" for MDM dns server "EnterpriseEnrollment-s.manage.microsoft.com" , once enrolled device will be visable to intune) https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-create-cname#best-practices-and-recommendations Hope this helps someone, best of LUCK Rafique Zaman

2 answers

Your answer

Rafique Zaman 0 Reputation points

2024-01-26T10:17:48.7766667+00:00

Device is domain joined, and Azure joined issue not showing in intune: Solution: Logon onto device (laptop) as domain administrator> settings >Access work or school You will find existing account AD domian joint; use the "connect", the account you use here will have device enrollment managers assigned, for MDM server enter "EnterpriseEnrollment-s.manage.microsoft.com" ( please refer to your intune tenant intune.microsoft.com to assign device enrollment managers https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-manager-enroll

devices > enroll devices> device enrollment managers" for MDM dns server "EnterpriseEnrollment-s.manage.microsoft.com" , once enrolled device will be visable to intune) https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-create-cname#best-practices-and-recommendations Hope this helps someone, best of LUCK Rafique Zaman

Answer 1

Crystal-MSFT 53,986 Microsoft External Staff

@Seb Z , From your description, it seems you are enrolling device into Intune. But it seems the device is only Azure AD joined. Not enroll into Intune. If there's any misunderstanding, please let us know.

To troubleshoot our issue, please check the following information:

Please check if the user we used to enroll the device has Microsoft Intune license and Azure AD Premium license assigned.
Please check the automatic enrollment configuration to see if the "MDM user scope" is set as ALL and if the "MAM user scope is set none".
Did we get any error when we enroll the device?
How many devices are affected? What are the platform of them? What enrollment method we used?
https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment

Please check the above information and if there's any update, feel free to let us know.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Seb Z 1 Reputation point

2022-09-14T09:12:52.703+00:00
Thanks for a quick response

Please check if the user we used to enrol the device has Microsoft Intune license and Azure AD Premium license assigned.
This user has other devices successfully enrolled. He has Intune license. I have an impression this device somehow dropped off as "Last Activity" shows a date 9/8/2022 and registered 1/17/2019, so it looks like it was managed until then by MDM/Intune
2. Please check the automatic enrolment configuration to see if the "MDM user scope" is set as ALL and if the "MAM user scope is set none".
Both are set to ALL.

Did we get any error when we enrol the device?
I didn't join the device, it was joined before I started working here.

How many devices are affected? What are the platform of them? What enrolment method we used?
Just this single user, everything else is working fine. The OS of the one not working is Win10 10.0.19043.1889. I can't say what method was used enrol.

What would be the best way to add the device back to MDM if it's already registered?

Answer 2

Crystal-MSFT 53,986 Microsoft External Staff

@Seb Z , Thanks for your reply. From your description, I know the device is Azure AD registered. And both MDM user scope and MAM user scope are set all. MAM user scope will take precedence. The device will not be MDM enrolled.

https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enroll#configure-automatic-mdm-enrollment

To confirm this, please go to the affected device, Settings->Accounts->Access work or school, check if there's any account there. Click info button of the account and see what is the Management Server Address? Is it one with the following address?

If yes, we need to disconnect it and connect again, you can choose "Join the device to Azure Active Directory", with automatic enrollment configured. It will auto enroll into Intune MDM.

https://support.microsoft.com/en-us/account-billing/join-your-work-device-to-your-work-or-school-network-ef4d6adb-5095-4e51-829e-5457430f3973

Hope it can help.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Crystal-MSFT 53,986 Reputation points Microsoft External Staff

2022-09-19T05:18:37.727+00:00

@Seb Z , How's everything going? I am writing to see if there's any update on our issue. If yes, feel free to let us know,
Seb Z 1 Reputation point

2022-09-20T11:22:39.24+00:00

Thanks for the answer.

When I go to Settings->Accounts->Access I can see that an account of the user that uses and enrolled the device is present, I've been away and haven't had a chance to check what's the MAM Discovery URL.

If we need to disconnect and connect, is there anything we should take into consideration?
Crystal-MSFT 53,986 Reputation points Microsoft External Staff

2022-09-21T02:56:51.717+00:00

@Seb Z , We can make sure we have local administrator account can login this device and make sure the "MAM user scope " set as none. "MDM user scope" set to All. After that we can disconnect and connect again to auto enroll into MDM.

Hope it can help.

Share via

Device shows in Intune as Azure AD Joined but MDM is NONE

2 answers

Your answer