This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 32%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Hello,I tried to enroll entra hybid joined devices to intune via GPO .user has intune license.Configured GPO correctly it was applied to the device.but enrollment not successfull.Please find the event viewer logs attached.any answer should be appreciated
.
Make sure you select User sub selection in that enrollment gpo settings which you apply to devices. You also need to enable entra sync settings between local AD and EntraID
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@srinivas Pasupuleti100, Thanks for posting in Q&A.
From your description, I know you want to do hybrid AAD join but failed.
To clarify this issue, please check the following.
1.Could you share us what kind of credential have you configure? Device credential or User credential?
2.Check if there exist CA policies that may block enrollment.
3.Check the task under Task schedule.
4.Check on-premise UPN to whether match the Azure AD UPN so they can login with the correct credentials.
And here is a link with the similar issue you can refer.
https://www.reddit.com/r/Intune/comments/le1tqd/auto_mdm_enroll_device_credential_failed_error/
Please try above information, if there is any update, feel free to let me know.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
To clarify this issue, please check the following.
1.Could you share us what kind of credential have you configure? Device credential or User credential?->user credential
2.Check if there exist CA policies that may block enrollment.->no CA policy blocking.4.Check on-premise UPN to whether match the Azure AD UPN so they can login with the correct credentials.-->same
@srinivas Pasupuleti100, Thanks for your confirmation.
What kind of information in Task schedule shows, does it trigger successfully or failed?
After the post research, I find the error may relate to registry key SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin,1 means blocked Azure registration. change it to 0 and performed dsregcmd /leave and dsregcmd/join.
Or check and see if computer account has fallen off the domain as this can also prevent enrolment. To fix your need to reset the computer password on a DC. This can be achieved in powershell "Reset-ComputerMachinePassword -Server "XXX-DC1" -Credential Domain\Username"
Also, please be sure the user has both Intune and Azure AD premium license.
Hope it will help.
@srinivas Pasupuleti100, Hope things going well.
If there is any update, feel free to let me know.