question

AronJohnson-3411 asked Crystal-MSFT commented

Intune - MacOS - Company portal after domain join attempting to re-enrol in MDM

I've configured Intune with a custom configuration profile to enrol MacOS devices into an AD domain. You log in with a local account, install Company Portal, the Domain Join profile runs and the device is joined to AD. You can then log in to the device with the domain credential.

However, when I open up the Company Portal app on the device as the domain user, it is going through the setup again. It tries to install the MDM profile again, and then fails because it is already installed.

Is there any way around this?

intune-device-configuration intune-enrollment

Crystal-MSFT answered

@AronJohnson-3411, Thanks for posting in our Q&A.

For the re-enroll issue, could you confirm if it starts after we sign in to Company Portal with the same work or school account?

For the macOS device which is joined to AD manually, will it get the same issue?

Please check the above information and if there's any update, feel free to let us know.



AronJohnson-3411 answered Crystal-MSFT commented

So what I did was:

  1. Log in to the fresh Mac (OS 12).

  2. Enroll with a 365 account (which is also the domain user I will log in with next).

  3. Once the Domain Join policy had applied, I then logged out and back in as the domain user.

  4. When I then open up the Company Portal, it asks for login credentials (same credentials as step 2) and then goes through the initial setup again.

  5. The policy window pops up and you put in the admin credentials from the local account; it then fails, saying that the machine is already enrolled and only the machine has permissions to update the enrollment policy on the machine.

I haven't tried a manual join, I'll see if I can find a way to test that and let you know.







@AronJohnson-3411, Thanks for letting us know the steps. From your description, it seems the enrollment starts again after the AD join completed. I have done research both on the Internet and on the Intranet. Currently, I haven't found a similar issue yet. Here, I suggest opening a case to check more logs on both the device side and the background to see if there are any more findings. To open a case, you can refer to the steps in the following link:
https://docs.microsoft.com/en-us/mem/get-support

Thanks for your understanding and have a nice day!

AronJohnson-3411 answered Crystal-MSFT commented

FYI, I think I found the source of the problem. When I was initially testing this, the device was enrolled using a standard user account. However, if I enrol the device using a DEM and then switch to a domain user, you can log in to the Company Portal without any issues. So you need to enrol it as corporate with a DEM to make this work.


@AronJohnson-3411, Thanks for letting us know the status. I am glad to hear that it is working now. And thanks for sharing here.

Again, thanks for your time and have a nice day!
