Is the MDM authority set to Intune in Entra? I also configure the MDM scope just to be safe. Did you configure the client settings to enable registration of devices with Entra ID (It says in AAD in ConfigMgr)
MECM co-management enrollment status error MENROLL_E_MDM_NOT_CONFIGURED
I'm attempting to pilot co-management on our estate, firstly to use Autopatch but then to migrate configuration to Intune. I've configured MECM and Intune as below but the devices aren't enrolling into Intune and are not registering for Autopatch.
The configuration I've done is as follows:
MECM is on current branch updated to 2309
Cloud attach has been configured to use specific collections during the piloting. All the devices I want to enroll are in the correct collections:
- Configure upload is enabled to upload to Intune
- Enablement is set to pilot
- Workloads Compliance policies, device configuration, client apps, Office click-to-run apps, and Windows update policies are set to pilot Intune
I am also cloud syncing several collections to Entra groups and these are working as expected. The devices in those collections are appearing in the Entra groups and MECM is not reporting any issues with the sync. I'm using the sync to add devices to the Windows Autopatch Device Registrations group and the pilot devices are now listed in Intune's Windows devices but they are not enrolling.
Autopatch is showing these devices as prerequisite failed and the details show they failed the Intune or Cloud-Attached check. MECM is reporting the status error MENROLL_E_MDM_NOT_CONFIGURED
I've looked at setting the MDM user scope but I'm confused by the documentation about it. Some of it seems a bit contradictory. I was reading it as needed for users to enroll devices themselves, but not for MECM to enroll.
Is there another step I need to take to force these devices to enroll?
Thanks
3 answers
Sort by: Most helpful
-
Rahul Jindal [MVP] 10,121 Reputation points MVP
2024-02-29T13:04:50.7433333+00:00 -
Simon Ren-MSFT 34,246 Reputation points Microsoft Vendor
2024-03-01T02:01:47.3033333+00:00 Hi,
Thank you for posting in Microsoft Q&A forum.
For the error code, it indicates MDM auto-enrollment is not configured.
I notice we already configured MDM scope for a test pilot group which includes your account. Here, please also confirm what is the WIP/MAM scope set. Did we also set the test group there? If yes, we suggest setting the WIP/MAM scope as none and see if the result will be different. As shown below in my environment:
Thanks for your time. Have a nice day!
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
-
Jeff Smith 0 Reputation points
2024-04-12T09:56:51.3433333+00:00 I've resolved this issue.
One of our team had been playing with Device Platform Enrolment Restriction policies. He had set the default policy to block enrolments from all platforms. I had set up a policy to allow enrolment from all users using Windows but that didn't make a difference. I found a note that co-management enrolment only uses the default policy.
I edited the default policy to allow enrolment from Windows (MDM) and the pilot devices are now enrolling themselves into Intune