Hello, I would recommend to make sure that the device can access following URLs from internet : https://enterpriseregistration.windows.net https://login.microsoftonline.com https://device.login.microsoftonline.com Looking at the error message which you provided, it seems its failing in discovery phase and is not able to find the Service connection point for the registration. So you need to make sure that the device is in correct line of sight with DC to fetch all those details over. Otherwise, I'd strongly recommend checking this article from MS: https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual specifically checking your SCP record exists and is accurate using: "You can use the Get-ADRootDSE cmdlet to retrieve the configuration naming context of your forest. For a forest with the Active Directory domain name, the configuration naming context is: CN=Configuration,DC=fabrikam,DC=com In your forest, the SCP object for the autoregistration of domain-joined devices is located at: CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,[Your Configuration Naming Context] Depending on how you have deployed Azure AD Connect, the SCP object might have already been configured. You can verify the existence of the object and retrieve the discovery values by using the following Windows PowerShell script: PowerShellCopy
$scp = New-Object System.DirectoryServices.DirectoryEntry; $scp.Path = "LDAP://CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=fabrikam,DC=com"; $scp.Keywords; " --If the reply is helpful, please Upvote and Accept as answer--