This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
How do I troubleshoot the Enrolment of Intune devices?
Because my PC name is already shown as Microsoft Entra hybrid joined in the Azure Portal | Devices | All Devices.
https://portal.azure.com/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId~/null
The same computer name, however, is still not visible under Intune Admin Centre | Devices | All devices.
https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/DevicesMenu/~/mDMDevicesPreview
The below GPO has been applied to the OU where my computer is residing:
Computer Configuration (Enabled) > Policies > Administrative Templates > Windows Components/MDM Policy Setting: Enabled Enable automatic MDM enrollment using default Azure AD credentials
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@EnterpriseArchitect, Thanks for posting in Q&A. From your decryption, I know the GPO enrollment is failed and the device is not enrolled into Intune. To troubleshoot the issue, you can check the following information:
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Crystal-MSFT
Thank you for the quick response.
Auto-enrollment is configured: yes, via the GPO OnPremise AD DS.
There is only one task:
@Crystal-MSFT ,
I cannot find any error or Warning?
@EnterpriseArchitect, Thanks for the reply. From the information, I notice others are all configured but the scheduled tasks are not created correctly. Please ensure "User credential" is chosen in the GPO.
And then remove the above task, force GPO to be applied again to see if the two tasks can be created.
@Crystal-MSFT ,
yes, it is already set like that:
@EnterpriseArchitect, Thanks for the reply. From the information you provided, the GPO is applied, but the task "Schedule created by enrollment client for automatically enrolling in MDM from Microsoft Entra ID" is not created. I think this is our issue.
For our issue, please check if there's any registry key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments and remove them. Then remove the existing one scheduled task and run "gpupdate /force" to see if the two scheduled tasks can be created.
If there's any update, feel free to let us know.
@Crystal-MSFT ,
I can only see like below, which one should I delete?
@EnterpriseArchitect, Thanks for the reply. Please delete all the registry keys under enrollments. You can backup the registry key before you delete them.
@Crystal-MSFT ,
Which one? the GUIDs or the (Default) with the value not set?
@EnterpriseArchitect,, Thanks for the reply. Please remove the GUIDs registry key under enrollments.
@EnterpriseArchitect,, Hope things are going well. If there's any update, feel free to let us know.
Hi @Crystal-MSFT ,
I can only see the below Scheduled task available:
My colleague's computer has been successfully enrolled with Intune and has all those GUIDs available under the Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments, so it should not be deleted.
@EnterpriseArchitect, Thanks for the reply. In fact the GUID is enrollment information which will be created when the device enrolled into MDM. Based on my researching, The Schedule created by enrollment client for automatically enrolling in MDM from Microsoft Entra ID task may affect when the device is already enrolled in another MDM solution. For our scenario, the device is not enrolled and the task is unable to create. So I wonder it can be caused there's any cached enrollment information which block this. Please try and see if it can work. If you have concern about this, you can backup the registry key before you delete them.