Devices deleted from intune, how do I get back.

Question

Devices deleted from intune, how do I get back.

TechUST 606

Hi Expert, I accidentally deleted some devices (hybrid join) from Intune. How can i bring back these devices into Intune? We have already deployed automatic enrolment GPO to an AD group (all Hybrid join device group). Will the deleted devices automatically enroll again with this GPO? Please suggest steps to retrieve those deleted devices in Intune. This is the GPO deployed for cert automatic enrollment:

Option

Setting Enroll new certificates, renew expired certificates, process pending certificate requests, and remove revoked certificates -Enabled

Update and manage certificates that use certificate templates from Active Directory -Enabled.

Accepted answer

0 additional answers

Your answer

Answer 1

Crystal-MSFT 53,991 Microsoft External Staff

@TechUST, Thanks for posting in Q&A. For these accidently deleted devices, please go to the device side and clear the registry key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments to remove residual information.

Meanwhile, remove the Intune related device certificates on the device.

After that, configure "Enable automatic MDM enrollment using default Microsoft Entra credentials' enable and select User Credential from the dropdown Select Credential Type

https://learn.microsoft.com/en-us/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy

Then you can perform gpupdate /force to apply the GPO to re-enroll again.

In addition, please ensure the Microsoft Entra Premium and Microsoft Intune Plan 1 licenses are assigned to the user.

Hope the above information can help.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

TechUST 606 Reputation points

2024-02-23T04:16:06.9366667+00:00

Hi thanks for replying, I don't have access to make changes on AD group policy. Can you suggest steps if single machine deleted from intune and how do I get it back. Can I use sysprep.exe with safe mode. Will it back to re-enroll and & available in intune. Please suggest simple method.
Crystal-MSFT 53,991 Reputation points Microsoft External Staff

2024-02-23T05:09:43.8733333+00:00

@TechUST, Thanks for the reply. For the deleted devices, did it also enroll with GPO enrollment before? If yes, then the GPO still configured for these devices in AD. You can just delete the registry keys and certificate on the device, run gpupdata /force to retrigger the enrollment.
TechUST 606 Reputation points

2024-02-23T05:41:11.8666667+00:00

This gpo deployed from AD for cert automatic enrollment on autopilot devices. Is this group policy you are talking about for auto enrollment. Apart from that there is no gpo related to automatic enrollment ....
Crystal-MSFT 53,991 Reputation points Microsoft External Staff

2024-02-23T05:47:38.06+00:00

@TechUST, Thanks for the reply. No, this is not the GPO policy to do GPO enrollment. I notice you mentioned Autopilot. Did the device enroll via Autopilot Hybrid Azure AD join before?
TechUST 606 Reputation points

2024-02-23T05:50:20.5666667+00:00

I just seen this one more gpo deployed. I think this one is correct. I hope this is correctly configured as per need...
Crystal-MSFT 53,991 Reputation points Microsoft External Staff

2024-02-23T06:03:11.59+00:00

@TechUST, This is correct GPO policy setting to do GPO enrollment. We have already with it configured.
TechUST 606 Reputation points

2024-02-23T06:17:04.38+00:00

Ok, I'll clear registry key and update the gp update. Thank you
Crystal-MSFT 53,991 Reputation points Microsoft External Staff

2024-02-23T06:50:44.0633333+00:00

@TechUST, Ok. If there's any update later, feel free to let us know.
TechUST 606 Reputation points

2024-02-23T08:58:44.3333333+00:00

Thank you issue got fixed. I posted one more query can you please have a look https://learn.microsoft.com/en-us/answers/questions/1571620/logistic-g-hub-app-not-getting-installed
Crystal-MSFT 53,991 Reputation points Microsoft External Staff

2024-02-26T02:02:02.4433333+00:00

@TechUST, Thanks for the reply. For the issue, My thought is we can contact the application support to see what requirement for this app and if there's any log it records to analyze installation issue. Then we can check if any requirement is disabled by the policy we deployed.

Another method is we can prepare a test machine and enroll with an account without any policy applied. Then add the policy one by one to find out the affected policy.
TechUST 606 Reputation points

2024-02-26T02:18:55.07+00:00

Hi, i believe it's blocked by the policy because it's installing on non-autopilot devices. Just want to the policy, blocking application installation. I have seen error only in system section under event log but unable to trace why n what policy getting blocked. Event log i have attached in article.
TechUST 606 Reputation points

2024-02-26T02:19:51.4766667+00:00

Is there anyway to troubleshoot with log why it is blocking
Crystal-MSFT 53,991 Reputation points Microsoft External Staff

2024-02-26T02:30:10.34+00:00

@TechUST. Thanks for the reply. For application installation log, this depends on the developer of the application. If they add log for it, then we can look into it.

On windows side, the general is application event log. But I notice there's no error there.

On Intune side, it's impossible for us to know why the application is failed. when it installs manually I think you need to contact the application support to see if we have any log can be checked for this installation issue.
TechUST 606 Reputation points

2024-02-26T02:38:11.1233333+00:00

Ok thank you, Is there any policy in Intune through which we can only block the installation of gaming applications? If yes, then please suggest which policy it is.I think it's causing the problem, so I need the name of that policy and its path."
Crystal-MSFT 53,991 Reputation points Microsoft External Staff

2024-02-27T05:53:00.77+00:00

@TechUST, Thanks for the reply. You can check if any Applocker or Windows Defender Application Control policy set in our environment which may block app installation.

https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview#windows-defender-application-control

https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-using-applocker-to-create-custom-intune-policies-for/ba-p/364981

Share via

Devices deleted from intune, how do I get back.

0 additional answers

Your answer