Auto MDM Enroll: Device Credential (0x1), Failed (Unknown Win32 Error code: 0x8018002b)

Jason Mabry 1 Reputation point
2020-10-21T15:34:18.983+00:00

We have a lab of computers that uses a generic AD account to sign in. This user is not in an Azure AD synced OU, so a User Credential will not work in this case. We would like to get these devices auto enrolled in Intune/Endpoint Manager, however the enrollment task fails with the error above.

When running dsregcmd /status, the TenantName and MdmUrl values are all blank. TenantId is populated and is the correct TenantID. The devices are all Hybrid Joined.

Any advice as to how to troubleshoot or resolve this error?


2 answers

  1. Crystal-MSFT 45,656 Reputation points Microsoft Vendor
    2020-10-22T02:01:10.927+00:00

    @Jason Mabry For a Hybrid Azure AD joined device to be enrolled into Intune, we need to make sure the user account is synced to Azure AD and that we also have Azure AD Premium and Microsoft Intune licenses assigned, because the enrollment process starts in the background once we sign in to the device with our Azure AD account. We can see more details in the following links:
    https://video2.skills-academy.com/en-us/mem/intune/enrollment/windows-enroll
    https://video2.skills-academy.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

    Hope it can help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Jason Mabry 1 Reputation point
    2020-10-22T13:38:55.897+00:00

    Thank you for the reply, @Crystal-MSFT !

    We are trying to use a Device Credential.

    The user is synced, but it's a special AD account, with no password, used strictly for shared lab access. We tried using a User Credential, but a check of dsregcmd /status does not show the user as being a valid AAD User. The user is licensed for Intune and is configured as a Device Enrollment Manager. The MDM user scope is set to All and the MAM user scope is set to None.

    We are using Device-based licenses for Office, and were really wanting to enroll these using the Device Credential.

    Is this possible?
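
The `dsregcmd /status` check mentioned in the question and in the follow-up, written out as an added example that is not part of the original thread. It parses the `Name : Value` lines and reports the join flags and the tenant fields the question names. The function names are hypothetical and the sample output is constructed to mirror the state described (TenantId populated, TenantName and MdmUrl blank).

```powershell
# Added example (not from the thread). Function names are hypothetical.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $fields = @{}
    foreach ($line in $Lines) {
        # Field lines look like "   TenantName : value"; the value may be empty.
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $fields
}

function Get-EnrollmentFieldFinding {
    param([hashtable]$Fields)
    # A hybrid joined device reports YES for both join flags.
    foreach ($flag in 'AzureAdJoined', 'DomainJoined') {
        if ($Fields[$flag] -ne 'YES') { "$flag is not YES" }
    }
    # Fields named in the question; report the ones with no value.
    foreach ($name in 'TenantId', 'TenantName', 'MdmUrl') {
        if ([string]::IsNullOrWhiteSpace($Fields[$name])) { "$name is blank" }
    }
}

# Constructed sample output (placeholder tenant ID), not captured from a real device.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES

+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+

                TenantName :
                  TenantId : 00000000-0000-0000-0000-000000000000
                    MdmUrl :
'@ -split '\r?\n'

# On a device, pass the live output instead: -Lines (dsregcmd /status)
$fields = ConvertFrom-DsregStatus -Lines $sample
$findings = @(Get-EnrollmentFieldFinding -Fields $fields)
if ($findings.Count -eq 0) { 'All checked fields are populated.' } else { $findings | ForEach-Object { "FINDING: $_" } }
```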