![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 3%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDH%3C/text%3E%3C/svg%3E)
7,023 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Dylan Howard, Thanks for posting in Q&A. From your description, it seems you want to enroll devices into Intune. But it is failed.
Before going on, I would like firstly to introduce the Intune enrollment methods. Different method is for different scenario. You can choose one suitable method for your scenario.
BYOD: Enroll their personally owned devices via company portal. Ownership: Personal.
DEM: It is a special service account have permissions that let authorized users enroll and manage multiple corporate-owned devices. These types of devices are good for point-of-sale or utility apps, for example, but not for users who need to access email or company resources.
Automatic enrollment via MDM: Joins the device with Microsoft Entra (Azure Active Directory) and enables users to sign in to Windows with their Azure AD credentials. If Auto Enrollment is enabled, the device is automatically enrolled in Intune.
Automatic enrollment via Group Policy: Configure Active Directory group policy to automatically enroll devices that are hybrid Azure AD joined. (Join on-premise domain, register to Azure AD device to enroll into Intune. Mainly for existing domain joined device.)
Windows Autopilot: Set up and pre-configure new devices, getting them ready for productive use.
Bulk enrollment: lets an authorized user join large numbers of new corporate-owned devices to Azure Active Directory and Intune. non-user affinity, can use device license.
Co-management: lets administrators enroll their existing Configuration Manager managed devices into Intune to get the dual benefits of Intune and Configuration Manager..
https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-windows
From your description, I notice you use DEM account to enroll. If this is a domain joined device, it is not suggested. You can choose GPO enrollment instead. To do GPO enrollment, the devices need to be Microsoft Entra Hybrid Joined firstly. Here are some links for your reference.
https://learn.microsoft.com/en-us/entra/identity/devices/how-to-hybrid-join
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
