This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 21%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
I'm attempting to pilot co-management on our estate, firstly to use Autopatch but then to migrate configuration to Intune. I've configured MECM and Intune as below but the devices aren't enrolling into Intune and are not registering for Autopatch.
The configuration I've done is as follows:
MECM is on current branch updated to 2309
Cloud attach has been configured to use specific collections during the piloting. All the devices I want to enroll are in the correct collections:
I am also cloud syncing several collections to Entra groups and these are working as expected. The devices in those collections are appearing in the Entra groups and MECM is not reporting any issues with the sync. I'm using the sync to add devices to the Windows Autopatch Device Registrations group and the pilot devices are now listed in Intune's Windows devices but they are not enrolling.
Autopatch is showing these devices as prerequisite failed and the details show they failed the Intune or Cloud-Attached check. MECM is reporting the status error MENROLL_E_MDM_NOT_CONFIGURED
I've looked at setting the MDM user scope but I'm confused by the documentation about it. Some of it seems a bit contradictory. I was reading it as needed for users to enroll devices themselves, but not for MECM to enroll.
Is there another step I need to take to force these devices to enroll?
Thanks
Is the MDM authority set to Intune in Entra? I also configure the MDM scope just to be safe. Did you configure the client settings to enable registration of devices with Entra ID (It says in AAD in ConfigMgr)
Hi Rahul
Yes, the MDM authority is set to Intune and the client settings are enabled automatically register with AAD.
I'll see what setting the MDM scope to all will do
Hi,
Thank you for posting in Microsoft Q&A forum.
For the error code, it indicates MDM auto-enrollment is not configured.
I notice we already configured MDM scope for a test pilot group which includes your account. Here, please also confirm what is the WIP/MAM scope set. Did we also set the test group there? If yes, we suggest setting the WIP/MAM scope as none and see if the result will be different. As shown below in my environment:
Thanks for your time. Have a nice day!
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks Simon
I'll set the MDM and WIP scopes as suggested and see what happens
Hi,
Looking forward to hearing good news from you.
Best regards,
Simon
Hi Simon
the scopes have been set for a week now but none of the devices are enrolling into Intune.
The MECM co-management dashboard is reporting devices with 'specific platform or version is not supported'. These devices are all using the same MECM client and at the same Windows update build.
Any ideas?
Jeff
I've resolved this issue.
One of our team had been playing with Device Platform Enrolment Restriction policies. He had set the default policy to block enrolments from all platforms. I had set up a policy to allow enrolment from all users using Windows but that didn't make a difference. I found a note that co-management enrolment only uses the default policy.
I edited the default policy to allow enrolment from Windows (MDM) and the pilot devices are now enrolling themselves into Intune