This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 55.00000000000001%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hello
Thanks for looking at my post - Newbie learning intune
My Environment
Running VMS on Exsi host
Everything seems to be ok with my on-premise environment and the connection to Azure
The Story so far
Set up a profile to enroll devices without on-prem domain join
The issue
Set up a new compliance profile to enable domain join and applied that policy to my device group in Azure AD
I have followed all of the guides from the Microsoft site, I reached my work and spent hours looking over the internet - but my own knowledge of intune is limited - hence my post
Getting error 8007044A something went wrong.
looked at my IntuneManagementExtension log attached, I not sure what to do next
Failed to get AAD token. len = 34 using client id fc0f3af4-6835-4174-b806-f7db311fd2f3 and resource id 26a4ae64-5862-427f-a9b0-044e62572a4f, errorCode = 3399548929 IntuneManagementExtension 20/06/2021 16:25:24 17 (0x0011)
Need user interaction to continue. IntuneManagementExtension 20/06/2021 16:25:24 17 (0x0011)
AAD User check is failed, exception is Intune Management Extension Error.
Exception: Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.TokenAquireException: Attempt to get token, but failed.
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.IntuneTokenManager.<GetTokenInternalAsync>d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.IntuneTokenManager.<GetTokenForNewRequestUsingDeviceCheckInAppId>d__40.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.DiscoveryService.<<IsAADUserInternal>b__17_0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.ImpersonateHelper.<DoActionWithImpersonation>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.DiscoveryService.<IsAADUserInternal>d__17.MoveNext(), session is 1 IntuneManagementExtension 20/06/2021 16:25:24 17 (0x0011)
AAD User check using device check in app is failed, now fallback to the Graph audience. ex = Intune Management Extension Error.
Exception: Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.TokenAquireException: Attempt to get token, but failed.
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.DiscoveryService.<IsAADUserInternal>d__17.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.DiscoveryService.<IsAADUser>d__15.MoveNext() IntuneManagementExtension 20/06/2021 16:25:24 17 (0x0011)
starting impersonation, session id = 1 IntuneManagementExtension 20/06/2021 16:25:24 17 (0x0011)
After impersonation: DESKTOP-3NMGKE6\defaultuser0 IntuneManagementExtension 20/06/2021 16:25:24 17 (0x0011)
[TokenManager::GetTokenForNewRequestAsync] IntuneManagementExtension 20/06/2021 16:25:24 17 (0x0011)
provider id = https://login.microsoft.com, authority = organizations IntuneManagementExtension 20/06/2021 16:25:24 17 (0x0011)
get provider, provider name = Work or school account IntuneManagementExtension 20/06/2021 16:25:24 17 (0x0011)
Failed to get AAD token. len = 34 using client id fc0f3af4-6835-4174-b806-f7db311fd2f3 and resource id 00000002-0000-0000-C000-000000000000, errorCode = 3399548929 IntuneManagementExtension 20/06/2021 16:25:24 17 (0x0011)
Need user interaction to continue. IntuneManagementExtension 20/06/2021 16:25:24 17 (0x0011)
AAD User check is failed, exception is Intune Management Extension Error.
Exception: Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.TokenAquireException: Attempt to get token, but failed.
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.IntuneTokenManager.<GetTokenInternalAsync>d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.IntuneTokenManager.<GetTokenForNewRequestAsync>d__39.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.DiscoveryService.<<IsAADUserInternal>b__17_1>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.ImpersonateHelper.<DoActionWithImpersonation>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.DiscoveryService.<IsAADUserInternal>d__17.MoveNext(), session is 1 IntuneManagementExtension 20/06/2021 16:25:24 17 (0x0011)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 66%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
What do you mean "Set up a profile to enroll devices without on-prem domain join"? - Is this Autopilot with Azure AD Join? What type of profile did you exactly configure?
"Set up a new compliance profile to enable domain join and applied that policy to my device group in Azure AD" - Do you mean a Device Configuration domain join profile? If so, that is meant to be used with Autopilot for Hybrid Azure AD Join (to join the on-prem domain).
How are you trying to enroll the devices exactly? What version of Windows 10?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 13%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
@Thomas Black Thanks for posting in our Q&A.
For the error code “80070774” , it can mean a few different things. like “Intune never found a domain join policy” and “Intune failed to create a device object”. We can check out the ODJ Connector event log to see if there was even a request received. More details please refer to the following link:
https://learn.microsoft.com/en-us/troubleshoot/mem/intune/troubleshoot-windows-enrollment-errors#something-went-wrong-error-code-80070774
For user driven hybrid Azure AD join, some requirements need to be checked before next step.
https://learn.microsoft.com/en-us/mem/autopilot/user-driven#requirements-1
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.