A community member has associated this post with a similar question:
On-premises authentication device enrollment failure

Only moderators can edit this content.

Connect to an MDM through the Settings app failure

ai second 1 Reputation point
2020-06-10T11:11:03.517+00:00
  1. Launch the settings app
  2. Navigate to Accounts
  3. Navigate to Access work or school
  4. Click the Enroll only in device management link
  5. I type my work email address,and mdm server URL as below9758-url.png
  6. After entering the password, I get the error on the picture below9658-qq%E5%9B%BE%E7%89%8720200610185040.png

our MDM discovery ULR is https://uitest.safeuem.com/windows/Enrollmentserver/Discovery.svc, and we are sure that after entering the password, our server received the request and responded to the following

<?xml version="1.0" encoding="utf-8"?>

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPoliciesResponse</a:Action>
<a:RelatesTo>urn:uuid:72048B64-0F19-448F-8C2E-B4C661860AA0</a:RelatesTo>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<GetPoliciesResponse xmlns="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy">
<response>
<policyID/>
<policyFriendlyName xsi:nil="true"></policyFriendlyName>
<nextUpdateHours xsi:nil="true"></nextUpdateHours>
<policiesNotChanged xsi:nil="true"></policiesNotChanged>
<policies>
<policy>
<policyOIDReference>0</policyOIDReference>
<cAs xsi:nil="true"/>
<attributes>
<commonName>CEPUnitTest</commonName>
<policySchema>3</policySchema>
<certificateValidity>
<validityPeriodSeconds>1209600</validityPeriodSeconds>
<renewalPeriodSeconds>172800</renewalPeriodSeconds>
</certificateValidity>
<permission>
<enroll>true</enroll>
<autoEnroll>false</autoEnroll>
</permission>
<privateKeyAttributes>
<minimalKeyLength>2048</minimalKeyLength>
<keySpec xsi:nil="true"/>
<keyUsageProperty xsi:nil="true"/>
<permissions xsi:nil="true"/>
<algorithmOIDReference xsi:nil="true"/>
<cryptoProviders xsi:nil="true"/>
</privateKeyAttributes>
<revision>
<majorRevision>101</majorRevision>
<minorRevision>0</minorRevision>
</revision>
<supersededPolicies xsi:nil="true"/>
<privateKeyFlags xsi:nil="true"/>
<subjectNameFlags xsi:nil="true"/>
<enrollmentFlags xsi:nil="true"/>
<generalFlags xsi:nil="true"/>
<hashAlgorithmOIDReference>0</hashAlgorithmOIDReference>
<rARequirements xsi:nil="true"/>
<keyArchivalAttributes xsi:nil="true"/>
<extensions xsi:nil="true"/>
</attributes>
</policy>
</policies>
</response>
<cAs xsi:nil="true"/>
<oIDs>
<oID>
<value>1.3.14.3.2.29</value>
<group>1</group>
<oIDReferenceID>0</oIDReferenceID>
<defaultName>szOID_OIWSEC_sha1RSASign</defaultName>
</oID>
</oIDs>
</GetPoliciesResponse>
</s:Body>
</s:Envelope>

Is the wrong content returned? Or is it another mistake?

We register device according to [here][3]

1: /api/attachments/9627-qq%E5%9B%BE%E7%89%8720200610184216.png?platform=QnA [3]: https://learn.microsoft.com/zh-cn/windows/client-management/mdm/on-premise-authentication-device-enrollment

Windows 10 Setup
Windows 10 Setup
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Setup: The procedures involved in preparing a software program or application to operate within a computer or mobile device.
1,948 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,146 questions
{count} votes