Device enrollment issue

Question

Device enrollment issue

Sabur Mirza 20

Hi,

I am trying to enroll a device into intune but the enrollment status is on "not enrolled". When I set the MDM User scope to "All" I have no issue in enrolling the device, but the thing is I want only a certain group to be target and so when I select "Some" and try to enroll the device in that group, the device does not enroll. If anyone has any solutions or tips, I would greatly appreciate it.

0 comments

2 answers

Your answer

Answer 1

Sabur Mirza 20

Hey, I hope you are doing well. I was wondering if you could help me again lol. So I want to enroll a device via hybrid azure ad so that the device is connected to intune and the on premises AD. I have been successful in doing that whilst I am connected to the office network. When I went home and attempted to reenroll the device from my home network for testing purposes, I was not unable to login with my home network and was provided with the file attatched. I wanted to ask if there is anyway I can bypass this, because we essentially want to be able to ship out a laptop directly to our employees in a remote location that wouldnt have access to the office network and would have to use their home wifi. But with this issue, they would not be able to login. So if you could help out with this matter, I would really appreciate it. Also, would it be possible for the device to be connected to the AD after oobe setup stage

ZhoumingDuan-MSFT 17,365 Reputation points Microsoft External Staff

2023-09-11T06:01:51.6066667+00:00

@Sabur Mirza, Thanks for your reply.

For hybrid azure ad join, based as I know, the device needs to be able to connect to the domain controller in on-premise domain, That is to say, it needs to be able to access office network. From your description, I know the remote location cannot access the office network, so you cannot complete Hybrid AAD Join.

For this situation, I think you can considering deploy VPN or doing Azure AD Join instead of Hybrid Azure AD join for these devices.

Hope above can be helpful.
ZhoumingDuan-MSFT 17,365 Reputation points Microsoft External Staff

2023-09-13T03:02:35.2033333+00:00

@Sabur Mirza,Hope all is well.

I am writing as a courtesy to follow up on this issue. May I know the status from your side please? Please feel free to let me know if you have any concerns
Sabur Mirza 20 Reputation points

2023-09-13T09:38:20.75+00:00

Hi, yh we just decided to enroll the devices via hybrid azure only and then deployed a vpn, so thank you for your help and assistance.
ZhoumingDuan-MSFT 17,365 Reputation points Microsoft External Staff

2023-09-14T05:07:00.4033333+00:00

@Sabur Mirza, Thanks for your reply.

If there is anything else we can help, feel free to contact me.

Answer 2

ZhoumingDuan-MSFT 17,365 Microsoft External Staff

@Sabur Mirza, Thanks for posting in Q&A.

From your description, we understand that you just want a certain group to be enrolled in Intune, but when you set MDM user scope "Some" and try to enroll the device in that group, the device does not enroll, and when you set MDM user scope "All", the device does enroll.

From your description, we add device group under some. But as I know, when you set MDM user scope "Some", you should select a user group to assign not a device group.

For more information about MDM user scope settings you can visit the link below:

Enable MDM automatic enrollment for Windows | Microsoft Learn

Please change the group with the enrolled user include and see if it works. Hope above can be helpful!

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Sabur Mirza 20 Reputation points

2023-08-24T09:25:25.2533333+00:00

Ah ok, so if i then want to install an application to that device, for app install context would i select user or device.
ZhoumingDuan-MSFT 17,365 Reputation points Microsoft External Staff

2023-08-25T05:40:14.3133333+00:00

@Sabur Mirza, Thanks for your early reply. To choose app install context, it is actually up to app itself. If the App install Context support both Device Context and user Context, you can assign to either user group or device group. If the App Install Context just support Device Context, you should assign to the device groups.

For more information about App Install Context and Assignment group, please visit the link below:

How Application Context, Assignment and Exclusions Work in Intune - Microsoft Community Hub

Hope this helps!
ZhoumingDuan-MSFT 17,365 Reputation points Microsoft External Staff

2023-08-28T05:11:57.2+00:00

@Sabur Mirza, Hope all is well.

May I know if there is anything else we can help? If yes, feel free to contact me.

Thanks for your kind understanding.
Sabur Mirza 20 Reputation points

2023-08-29T11:46:51.6066667+00:00

Thanks for your support, the issue I had is know resolved thanks to your reply. I am having issues with deploying certain applications. I am attempting to deploy Symantec Antivirus onto my client laptop but i keep getting an installation failure message. I am using the guide from the official website and using the install command lines they have provided, but I am still getting errors. If you could provide an insight on this matter, I would greatly appreciate it
ZhoumingDuan-MSFT 17,365 Reputation points Microsoft External Staff

2023-08-30T07:34:21.1466667+00:00
@Sabur Mirza, Thanks for your reply.

From your description, we know that you use the install command from the Symantec official website to deploy the application, But it is failed. Could you confirm if we test the command lines on the device manually or deploy it via Intune?

If you test it manually on the device and you still get the error message, please contact to the Symantec support to fix the install issue.

If you means deploy app via Intune failed with error, please firstly check the “install behavior” setting and try the following suggestion to troubleshoot:

a. If you select System, please manually test the installation command on the device using system account to see if it can succeed, here are the detailed steps.

1.run cmd as admin 2.download PsExec and cd to PsExec directory. download url: PsExec - Sysinternals | Microsoft Learn 3.enter psexec -i -d -s cmd.exe to run cmd in Ntauthority\system context 4.entering whoami to check running context 5.entering the app installation command.

b. If you select User, please manually test the installation command on the device using the login in account.

run cmd.

entering the app installation command.

Please try the above suggestions and if any update, feel free to let us know.
Sabur Mirza 20 Reputation points

2023-08-31T08:22:39.77+00:00

With step A, do I perform it on the client machine or the machine that I want to deploy symantec from. Also, I also want to deploy Atempo Lina via intune, thing is the custom configuration we have is in the form of a batch file, now i know how to convert the batch file into a win32 app, but i dont know what the install and uninstall command lines would be and how i would find them.
Sabur Mirza 20 Reputation points

2023-08-31T09:15:29.52+00:00

Ok, so I carried out step A, but I am having issues. I keep receiving the following message:

I have tried different install commands, I carried out this step on both the client machine and the machine that I am deploying from, but I have had no success
ZhoumingDuan-MSFT 17,365 Reputation points Microsoft External Staff

2023-09-01T06:29:14.2966667+00:00

@Sabur Mirza, Thanks for your reply.

For step A, please manually test command on the device where you want to deploy the app. After seeing your error message, we found that you failed run the install command due to you are not in the app installation package folder, please use the cd installation package location command to enter the folder of your software installation package, and then execute the installation command.

For Atempo Lina app installation, please ask the app developer for installation and uninstallation commands.

Please try above information, if there is any update, feel free to contact me.

Share via

Device enrollment issue

2 answers

Your answer