How to get hybrid joined devices to enroll in Intune from multiple locations?

DavidJTavares-6375 0 Reputation points
2024-01-29T13:20:45.0133333+00:00

I am having an issue with hybrid joined AAD devices onboarding to Intune. Across the multiple locations we have, devices will only onboard when I am located at one specific location. It seems to be tied to that IP address for me as well as others in my organization except for one person. All accounts are E5 licensed. We are not hitting device enrollment restrictions either. I have also looked through conditional access policies and none of those seem to be the problem as far as I can tell. I have had a case opened for months now with no answer. Has anyone come across a similar problem and what was your resolution?

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,654 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,080 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. ZhoumingDuan-MSFT 5,260 Reputation points Microsoft Vendor
    2024-01-30T03:01:16.7666667+00:00

    @DavidJTavares-6375,Thanks for posting in Q&A.

    From your description, I know you have problem with enrolling hybrid joined devices in Intune from multiple locations.

    Based on my research, there may be the locations restrictions in Conditional Access policy which will allow the trusted locations to enroll in Intune and block rest of others to enroll in Intune.

    https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-cloud-apps#user-actions

    https://learn.microsoft.com/en-us/entra/identity/conditional-access/location-condition

    There are some methods you can try to resolve this issue.

    1.Please go to Intune portal to check if there exist Conditional access policy to block Intune enrollment and delete the policy.

    2.You can use VPN to configure the specific IP address to successfully enroll in Intune.

    Please try above information, if there is any update, feel free to let me know.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. DavidJTavares-6375 0 Reputation points
    2024-01-31T15:53:06.35+00:00

    There is no conditional access policy that blocks intune enrollment. 2 is not an option.