What is the difference between User Cred and Device Cred in this GPO for MDM Auto Enrolment?

Pandiyan S 0 Reputation points
2023-06-08T01:09:08.77+00:00

I am trying to configure Group Policy in AD to auto-enroll (Hybrid Join) devices to Intune.

Can someone explain to me what is the difference between User Cred and Device cred in this GPO? Which one should I use and why?

The current configuration is user credential and it is not working most of the time, maybe due to MFA.

Microsoft Security | Intune | Configuration

1 answer

  1. Crystal-MSFT 53,991 Reputation points Microsoft External Staff
    2023-06-08T03:10:14.16+00:00

    @Pandiyan S, Thanks for posting in Q&A.

    In the context of Microsoft Intune enrollment, the "User Credential" setting in the Group Policy "Enable automatic MDM enrollment using default Azure AD credentials" refers to users logging in with their personal credentials to enroll their devices in Intune. On the other hand, the "Device Credential" setting, which is only available for Microsoft Intune enrollment in scenarios with Co-management or Azure Virtual Desktop multi-session host pools, refers to the use of the computer's machine account to enroll the device in Intune.

    For the general scenario, user credential is used. From your description, I know we configured user credential, but the enrollment failed, and it seems that MFA is required during the enrollment. Could you confirm whether we configured a Conditional Access policy to require MFA for all cloud apps? We suggest excluding Intune Enrollment options from your MFA policy. Meanwhile, choose one user and disable MFA for that user to see if the GPO enrollment can work.

    However, if the issue still persists after we disable MFA, you can follow the steps in the following link to troubleshoot.

    https://learn.microsoft.com/en-us/troubleshoot/mem/intune/device-enrollment/troubleshoot-windows-auto-enrollment

    Hope it can help.



    1 person found this answer helpful.
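To see on an affected client which credential type the GPO actually applied and whether the auto-enrollment attempts are failing, the following read-only PowerShell check can be run as the signed-in user. It is an added example, not part of the original answer and not Microsoft's script; it assumes the policy's standard registry location and the event IDs (75 success, 76 failure) that Windows logs for auto MDM enrollment.

```powershell
# Added example: read-only checks, run on the hybrid-joined client as the affected user.

# 1. What the GPO wrote. UseAADCredentialType: 1 = User Credential, 2 = Device Credential.
$mdmKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$policy = Get-ItemProperty -Path $mdmKey -ErrorAction SilentlyContinue
if ($null -eq $policy) {
    Write-Warning 'Auto-enrollment policy key not found: the GPO has not applied to this device.'
} else {
    $credType = switch ($policy.UseAADCredentialType) {
        1       { 'User Credential' }
        2       { 'Device Credential' }
        default { "Not set or unknown ($($policy.UseAADCredentialType))" }
    }
    [pscustomobject]@{
        AutoEnrollMDM  = $policy.AutoEnrollMDM   # 1 = auto-enrollment enabled
        CredentialType = $credType
    } | Format-List
}

# 2. Join and token state. With User Credential the enrollment uses the signed-in
#    user's Azure AD token, so AzureAdPrt is the line to look at for that user.
dsregcmd /status |
    Select-String -Pattern '^\s*(AzureAdJoined|DomainJoined|AzureAdPrt|MdmUrl)\s*:' |
    ForEach-Object { $_.Line.Trim() }

# 3. Recent auto-enrollment results: event 75 = succeeded, 76 = failed.
#    The message text of event 76 carries the error code for the failed attempt.
$log = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 75, 76 } `
    -MaxEvents 10 -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Warning 'No auto-enrollment events (75/76) found: enrollment may not have been triggered.'
} else {
    $events | Select-Object TimeCreated, Id,
        @{ Name = 'Result'; Expression = { if ($_.Id -eq 75) { 'Succeeded' } else { 'Failed' } } },
        Message | Format-List
}
```

If event 76 appears only for users covered by the MFA-requiring Conditional Access policy and not for the test user with MFA disabled, that supports the MFA explanation given in the answer.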
