Issue with Device Registration Using Automatic Enrollment in Intune and Graph API

Raghavendra Prakash 0 Reputation points
2024-07-12T10:02:58.4+00:00

When we try to register the devices using Automatic Enrollment in Intune, which uses the Graph API, it is directing to the application ID db47a02f-eb33-48a4-ab8b-e96a9bfbae00, and we get the error message below:

Request Id:  db47a02f-eb33-48a4-ab8b-e96a9bfbae00   Correlation Id:  0c5276a6-924b-44d3-ad7d-7ef7688e3528 Timestamp:  2024-07-10T15:10:39Z   Message:  AADSTS700016: Application with identifier 'd1ddf0e4-d672-4dae-b554-9d5bdfd93547' was not found in the directory 'XXXX'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

But it used to work earlier without any issues.


2 answers

  1. glebgreenspan 2,235 Reputation points
    2024-07-12T13:35:34.1166667+00:00

    Hello Raghavendra

    The error message you're seeing indicates that the Azure Active Directory (AAD) is unable to find the application with the identifier d1ddf0e4-d672-4dae-b554-9d5bdfd93547. This application is used for automatic enrollment of devices in Intune.

    To troubleshoot this issue, I recommend the following steps:

    1. Verify that the application d1ddf0e4-d672-4dae-b554-9d5bdfd93547 is installed and consented to in your Azure AD tenant.
    2. Check the tenant context and ensure that you're using the correct tenant ID and domain.
    3. Verify that the Graph API endpoint is correct and that the client ID and client secret are valid.
    4. Review Intune policy and configuration settings to ensure they are correct and up-to-date.
    5. Try registering a new device using Automatic Enrollment to see if it works.

  2. ZhoumingDuan-MSFT 13,245 Reputation points Microsoft Vendor
    2024-07-15T05:27:39.95+00:00

    @Raghavendra Prakash, Thanks for posting in Q&A.

    Based on my research, I find that in May 2024, due to updated authentication methods in the Graph SDK-based PowerShell module, the global Microsoft Intune PowerShell application (client) ID based authentication method was removed.

    https://learn.microsoft.com/en-us/samples/microsoftgraph/powershell-intune-samples/important/

    If you want to use Automatic enrollment, you may need the command "connect-msgraph", which uses the Intune PowerShell application ID (d1ddf0e4-d672-4dae-b554-9d5bdfd93547). So, it is affected. You need to create a new app registration with the required permissions and connect via the new app registration.

    connect-msgraph -clientid <your app id>

    https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.authentication/connect-mggraph?view=graph-powershell-1.0

    Or you can refer to the method mentioned in the link to fix the issue.

    https://www.reddit.com/r/PowerShell/comments/1ctmiqy/msgraph_running_into_error_aadsts700016/

    Non-official, just for reference.

    Hope the above information can help.

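The connection flow the answer above describes, written out as an added example (this is not code from the thread, from the Intune PowerShell samples, or from Microsoft): sign in through your own app registration with the Microsoft Graph PowerShell SDK, refuse to run if a script still points at the retired global Intune app ID from the error message, confirm the token was issued for the expected tenant and app, and then make one Intune call. The tenant ID, app ID and the `DeviceManagementManagedDevices.Read.All` scope are placeholders and assumptions; grant only the permissions your script actually needs on the registration.

```powershell
# Added example, not from the thread. Requires the Microsoft.Graph.Authentication module:
#   Install-Module Microsoft.Graph.Authentication -Scope CurrentUser
# Replace the placeholders below with your own tenant and app registration values.

# Retired global Intune PowerShell application (client) ID quoted in the AADSTS700016 error.
$RetiredIntuneAppId = 'd1ddf0e4-d672-4dae-b554-9d5bdfd93547'

# Placeholders (assumed values) for your tenant and your own app registration.
$TenantId = '<your-tenant-id>'
$ClientId = '<your-app-id>'

# Least-privilege delegated scope for this script; an admin must consent to it on the registration.
$Scopes = @('DeviceManagementManagedDevices.Read.All')

function Test-GraphClientId {
    param([Parameter(Mandatory)][string]$ClientId)
    # Returns $false when a script still relies on the retired global Intune app ID,
    # which is exactly the configuration that now fails with AADSTS700016.
    return ($ClientId -ne $RetiredIntuneAppId)
}

if (-not (Test-GraphClientId -ClientId $ClientId)) {
    throw "ClientId $ClientId is the retired global Intune PowerShell app; register your own app and use its ID."
}

# Interactive (delegated) sign-in against the named tenant using the new app registration.
Connect-MgGraph -ClientId $ClientId -TenantId $TenantId -Scopes $Scopes -NoWelcome

# Verify which app and tenant the token was actually issued for before doing any work.
$ctx = Get-MgContext
if ($ctx.TenantId -ne $TenantId -or $ctx.ClientId -ne $ClientId) {
    Disconnect-MgGraph | Out-Null
    throw "Connected to tenant $($ctx.TenantId) with app $($ctx.ClientId); expected $TenantId / $ClientId."
}
Write-Host "Connected as $($ctx.Account) via app $($ctx.ClientId) with scopes: $($ctx.Scopes -join ', ')"

# Sanity check against the Intune endpoint: list a handful of managed devices.
$resp = Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$top=5'
$resp.value | Select-Object deviceName, operatingSystem, complianceState, enrolledDateTime | Format-Table

Disconnect-MgGraph | Out-Null
```

The context check after `Connect-MgGraph` is the part worth keeping in any enrollment script: a token issued for the wrong tenant or app is the root cause the error text ("You may have sent your authentication request to the wrong tenant") points at, and checking `Get-MgContext` catches it before a bulk device operation runs.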

