This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 32%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Hello,
We have Entra hybrid joined devices and i tried to enroll devices into intune via GPO,it is assigned to the OU in AD.It was successfully applied to users.It is enable for auto enrollment type is user credential.
User has intune license and Microsoft 365 business basic license.And my organization tenant has Entra ID p2 license.IS user require Entra ID p2 license or tenant Entra ID p2 license is enough.
And In Intune Automatic enrollment set to All
In task scheduler-->microsoft-->windows->Enterprisemgmt -->showing as above screenshot.It showing access denied.
In Event viewer -->application logs-->microsoft-->windows->Task scheduler->operational-->it shows as error below screenshot
What does it say under Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
Please find the snap
And also event id showing for one user 76,90
And another user it shows event id 256,2545
Is the device successfully hybrid joined? Any CA policy implemented requiring MFA in the background? Have you checked the user sign-in logs in Entra ID?
Device showing Azure AD joined:yes when i run dsregcmd/status in cmd.
I checked the CA policy it was not requiring MFA for authentication.
Thanks, but does the device show up in Entra ID as hybrid joined? Also, was the device ever managed by a non MS MDM provider?
Actually it was before domain joined + entra registered(Microsoft Intune ) as BYOD device so we planned to Entra hybrid joined to make COD device.
That explains a lot. Did you delete the Intune enrolment for the device object showing as Entra registered first?
I retired the device from Intune and then enrolled to entra hybrid joined.
Actually i tried to entr hybrid joined+ Intune via GPO in 4 devices 2 devices successfully enrolled to intune .first two users has intune+ Microsoft 365 E5 license successfully enrolled.
another 2 devices showing error as above screenshots. this users has Intune+ microsoft 365 business basic license
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@srinivas Pasupuleti100, Thanks for posting in Q&A. From your description, I know the two affected users are with Microsoft Intune and Microsoft 365 business basic license. Based on my checking Microsoft 365 business basic doesn't include Microsoft Entra Premium license.
https://learn.microsoft.com/en-us/entra/fundamentals/licensing#entra-licensing-options
For GPO enrollment, auto-enrollment is needed to be enabled
To enable auto-enrollment, Microsoft Entra ID P1 or P2 is needed.
https://learn.microsoft.com/en-us/mem/intune/enrollment/quickstart-setup-auto-enrollment
For the affected users, it misses this license. Then it can cause failure. Please assign the license to see if it can be working.
Please try the above suggestion and if there's any update, feel free to let us know,
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@srinivas Pasupuleti100, How's everything going? if there's any update, feel free to let us know.
Hi I applied Microsoft 365 E3 license to the user.but devices not joining intune.
@srinivas Pasupuleti100, Thanks for the reply. After we apply the license to the user, please ensure the user is still sign in the device. And then check the event log under Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider > Admin to see what the new error for the enrollment is.
@srinivas Pasupuleti100,, I notice this is an information log. Is there any error with enrollment?