Hi folks, can somebody explain to me why there are different azure ad logins shown on my client. i have a W10 notebook which i want to onboard to Intune MDM. The device is hybrid joined to AAD: This is what i see when look under settings: The computer cannot be found in Intune Management. How do i manually register the computer to MDM? I have several computers, where the same process lead to this: So my question is, how do i get the device registered correctly to Intune MDM? Thank you!

Hi @Simon-Timothy Folaji , I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Thanks also to Nick Eckermann for troubleshooting and helping with the issue. Since the Microsoft Q&A community has a policy that " The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to " Accept " the answer. Issue : Different Azure AD logins shown were showing up on your client and you were getting errors while trying to register a device to Intune MDM. (The computer could not be found in Intune Management.) You wanted to manually register the computer to MDM. Solution: You solved the problem by deleting some orphaned registry entries and can now manually re-register the device. You were able to resolve the issue by following this blog: https://jocha.se/blog/tech/azure-ad-mdm-intune-error-8018000a Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Azure AD registered (for Intune MDM) device questions

Simon-Timothy Folaji 0

Hi folks,

can somebody explain to me why there are different azure ad logins shown on my client. i have a W10 notebook which i want to onboard to Intune MDM. The device is hybrid joined to AAD:

This is what i see when look under settings:

User's image

The computer cannot be found in Intune Management.

How do i manually register the computer to MDM? I have several computers, where the same process lead to this:

User's image

So my question is, how do i get the device registered correctly to Intune MDM?

Thank you!

2 answers

Nick Eckermann 591

If the device is already hybrid joined, you can use the automatic Intune enrollment policies.

"You can use a Group Policy to trigger autoenrollment to Mobile Device Management (MDM) for Active Directory (AD) domain-joined devices.

The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This cause-and-effect mechanism means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account."

https://learn.microsoft.com/en-us/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy

Manual enrollment options

https://learn.microsoft.com/en-us/windows/client-management/mdm-enrollment-of-windows-devices

You also need to meet the other requirements for the user/device to join the device to Intune.

License, in scope for enrollment, etc...

If your still having problems with enrollment, please provide the errors you are receiving.
https://learn.microsoft.com/en-us/windows/client-management/mobile-device-enrollment

Simon-Timothy Folaji 0 Reputation points

2023-08-22T12:04:22.1466667+00:00

Thanks, but how do i manually enroll my device. i don´t want to use the autoamted process via gpo.
Nick Eckermann 591 Reputation points

2023-08-22T12:05:53.8366667+00:00

I added more information to the answer about manual enrollments.
Simon-Timothy Folaji 0 Reputation points

2023-08-22T12:46:47.95+00:00

Thank you. I´m still struggling to register the device to Intune MDM. When i use setting to register the computer to MDM i get this error:

How do i fix this?
Nick Eckermann 591 Reputation points

2023-08-22T12:59:20.8733333+00:00

What is the output of this command?

dsregcmd /status

Simon-Timothy Folaji 0


+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : xxx
               Device Name : xyz.local

+----------------------------------------------------------------------+
| Device Details                                                       |
+----------------------------------------------------------------------+

                  DeviceId : 02601494-86c5-4624-bad8-2ef1c8f9cbe0
                Thumbprint : EDCC4BDAE50604E0A19D1232E42CC33781B5E94B
 DeviceCertificateValidity : [ 2023-08-22 10:57:15.000 UTC -- 2033-08-22 11:27:15.000 UTC ]
            KeyContainerId : 7093531f-196c-4fca-9419-73e96dd85b73
               KeyProvider : Microsoft Software Key Storage Provider
              TpmProtected : NO
          DeviceAuthStatus : SUCCESS

+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+

                TenantName : xxx
                  TenantId : 44b0c475-7c6c-4b69-93b8-64dcb3c35d1a
                       Idp : login.windows.net
               AuthCodeUrl : https://login.microsoftonline.com/44b0c475-7c6c-4b69-93b8-64dcb3c35d1a/oauth2/authorize
            AccessTokenUrl : https://login.microsoftonline.com/44b0c475-7c6c-4b69-93b8-64dcb3c35d1a/oauth2/token
                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
                 MdmTouUrl : https://portal.manage.microsoft.com/TermsofUse.aspx
          MdmComplianceUrl : https://portal.manage.microsoft.com/?portalAction=Compliance
               SettingsUrl : 
            JoinSrvVersion : 2.0
                JoinSrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/device/
                 JoinSrvId : urn:ms-drs:enterpriseregistration.windows.net
             KeySrvVersion : 1.0
                 KeySrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/key/
                  KeySrvId : urn:ms-drs:enterpriseregistration.windows.net
        WebAuthNSrvVersion : 1.0
            WebAuthNSrvUrl : https://enterpriseregistration.windows.net/webauthn/44b0c475-7c6c-4b69-93b8-64dcb3c35d1a/
             WebAuthNSrvId : urn:ms-drs:enterpriseregistration.windows.net
    DeviceManagementSrvVer : 1.0
    DeviceManagementSrvUrl : https://enterpriseregistration.windows.net/manage/44b0c475-7c6c-4b69-93b8-64dcb3c35d1a/
     DeviceManagementSrvId : urn:ms-drs:enterpriseregistration.windows.net

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

                    NgcSet : NO
           WorkplaceJoined : YES
          WorkAccountCount : 1
             WamDefaultSet : YES
       WamDefaultAuthority : organizations
              WamDefaultId : https://login.microsoft.com
            WamDefaultGUID : {B16898C6-A148-4967-9171-64D755DA8520} (AzureAd)

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : YES
      AzureAdPrtUpdateTime : 2023-08-22 11:54:08.000 UTC
      AzureAdPrtExpiryTime : 2023-09-05 11:54:33.000 UTC
       AzureAdPrtAuthority : https://login.microsoftonline.com/44b0c475-7c6c-4b69-93b8-64dcb3c35d1a
             EnterprisePrt : NO
    EnterprisePrtAuthority : 
                 OnPremTgt : NO
                  CloudTgt : YES
         KerbTopLevelNames : .windows.net,.windows.net:1433,.windows.net:3342,.azure.net,.azure.net:1433,.azure.net:3342

+----------------------------------------------------------------------+
| Work Account 1                                                       |
+----------------------------------------------------------------------+

         WorkplaceDeviceId : 01c8eb55-8b81-4c7e-8fe4-74d1cd09dba3
       WorkplaceThumbprint : BAF204B540312325BF8DF17950CE01FC05093037
 DeviceCertificateValidity : [ 2023-08-22 09:47:48.000 UTC -- 2033-08-22 10:17:48.000 UTC ]
            KeyContainerId : a23ae606-81f5-4f37-8b7a-2019161fd895
               KeyProvider : Microsoft Software Key Storage Provider
              TpmProtected : NO
              WorkplaceIdp : login.windows.net
         WorkplaceTenantId : 44b0c475-7c6c-4b69-93b8-64dcb3c35d1a
       WorkplaceTenantName : xxx
           WorkplaceMdmUrl : https://wip.mam.manage.microsoft.com/Enroll
      WorkplaceSettingsUrl : 
                    NgcSet : NO

+----------------------------------------------------------------------+
| Diagnostic Data                                                      |
+----------------------------------------------------------------------+

        AadRecoveryEnabled : NO
    Executing Account Name : xxx\admin, admin@local
               KeySignTest : PASSED

        DisplayNameUpdated : Managed by MDM
          OsVersionUpdated : Managed by MDM
           HostNameUpdated : YES

      Last HostName Update : NONE

+----------------------------------------------------------------------+
| IE Proxy Config for Current User                                     |
+----------------------------------------------------------------------+

      Auto Detect Settings : YES
    Auto-Configuration URL : 
         Proxy Server List : 
         Proxy Bypass List : 

+----------------------------------------------------------------------+
| WinHttp Default Proxy Config                                         |
+----------------------------------------------------------------------+

               Access Type : DIRECT

+----------------------------------------------------------------------+
| Ngc Prerequisite Check                                               |
+----------------------------------------------------------------------+

            IsDeviceJoined : YES
             IsUserAzureAD : YES
             PolicyEnabled : NO
          PostLogonEnabled : YES
            DeviceEligible : NO
        SessionIsNotRemote : NO
            CertEnrollment : none
              PreReqResult : WillNotProvision

For more information, please visit https://www.microsoft.com/aadjerrors

Nick Eckermann 591 Reputation points

2023-08-25T13:02:30.6233333+00:00

See if this response helps.
https://learn.microsoft.com/en-us/answers/questions/1184607/some-hybrid-azure-ad-joined-devices-do-not-show-up
Simon-Timothy Folaji 0 Reputation points

2023-08-28T09:37:09.73+00:00

Hello Nick,
i solved the problem by deleting some orphaned registry entries - now i´m able to manually re-register the device. Thanks for your time!

Solution that worked for me:

https://jocha.se/blog/tech/azure-ad-mdm-intune-error-8018000a

Marilee Turscak-MSFT 36,861 Reputation points Microsoft Employee

2023-08-29T20:06:23.9566667+00:00

Hi @Simon-Timothy Folaji ,

I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Thanks also to Nick Eckermann for troubleshooting and helping with the issue. Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

Issue:

Different Azure AD logins shown were showing up on your client and you were getting errors while trying to register a device to Intune MDM. (The computer could not be found in Intune Management.) You wanted to manually register the computer to MDM.

Solution:

You solved the problem by deleting some orphaned registry entries and can now manually re-register the device. You were able to resolve the issue by following this blog:

https://jocha.se/blog/tech/azure-ad-mdm-intune-error-8018000a

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Azure AD registered (for Intune MDM) device questions

2 answers

Your answer