Edit

Troubleshooting Azure AD device registration and Windows Autopilot

  • Article

This article contains tips for troubleshooting Azure Active Directory (Azure AD) device registration and Windows Autopilot issues.

Azure AD device registration

By connecting devices to Azure AD, users can easily access the organization's assets, and IT administrators can easily control and manage the connected devices to protect the organization's assets. For more information about device identity, see What is a device identity?

You have the following options to connect a device to Azure AD:

  • Azure AD registered
  • Azure AD joined
  • Hybrid Azure AD joined

To troubleshoot common device registration issues, use the Device Registration Troubleshooter Tool.

The following screenshot shows the main menu of the tool:

Screenshot of the Troubleshooter main menu.

For example, if the device health status is Pending, select 5 on the menu. If the device doesn't have the Primary Refresh Token (PRT) issued, select 6 on the menu.

For more information about Azure AD device registration, see the Azure AD device identity documentation.

Windows Autopilot

To add Windows Autopilot devices in Microsoft Intune, import a CSV file that contains the device information. To import the CSV file, open the Microsoft Intune admin center, and then select Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program) > Import.

You can use the Get-WindowsAutoPilotInfo PowerShell script to generate the CSV file. You can either manually download the script or run the following command to install the script:

Install-Script -Name Get-WindowsAutoPilotInfo

For more information about how to use the script, see Collecting the hardware hash from existing devices using PowerShell.

To troubleshoot Windows Autopilot issues, first collect logs. The following files are useful for troubleshooting related issues:

  • microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx

  • microsoft-windows-moderndeployment-diagnostics-provider-autopilot.evtx

  • MdmDiagReport_RegistryDump.reg

  • TpmHliInfo_Output.txt

  • microsoft-windows-provisioning-diagnostics-provider-admin.evtx This file contains some informational messages about the Enrollment Status Page (ESP), such as app installation failures or timeouts. Here are some examples:

    • AutoPilotGetOobeSettingsOverride succeeded: OOBE setting = AUTOPILOT_OOBE_SETTINGS_AAD_JOIN_ONLY; state = enabled.
    • CloudExperienceHost Web App Event 1. Name: 'UnifiedEnrollment_ProvisioningProgressPage_ApplicationsFailed'.
    • CloudExperienceHost Web App Event 1. Name: 'UnifiedEnrollment_ProvisioningProgressPage_DeviceConfigurationTimeOut'.

For additional guidance, see Troubleshooting overview in the Windows Autopilot documentation, and Troubleshooting Windows Autopilot (level 300/400).