Windows 8.1 Troubleshooting: Mobiles not enrolling into Intune


Problem Statement

We have a problem enrolling Windows 8.1 mobile devices. We are looking for some advice on things to check. Here is the scenario:

We have a customer who has on-premises Active Directory and Active Directory Federation Services, and they are using AD Connect to sync all the users and device objects up to Azure AD. They also have System Center Configuration Manager in their environment with the latest build. They are using an Intune tenant, currently for the sole purpose of managing mobile phone devices. Most of the time it works fine without issues, because we are able to enroll Android, iOS, and Windows Phone 10.

The problem is with enrolling Windows Phone 8.1 devices. We are following the same procedure as for enrolling Windows 10 mobile phone devices:

  1. Download the Company Portal from the Microsoft Windows Store using a Microsoft account.
  2. Launch the Company Portal and select the option to enroll the device.
  3. When we do this, the Microsoft login screen comes up and asks us for an email address (which is the client company UPN). Then we see a message that says “Getting your organization settings”, then we see the Microsoft processing dots across the screen. That is all we see, because afterwards nothing comes up; the dots keep going and going, then after some time it times out and the devices have not been registered or enrolled in the Intune portal.
  4. Please note that if we use the alternative login like Username@company.onmicrosoft.com, we are able to enroll the device successfully without any issues. But when we try to enroll the device using the primary UPN like username.company.com, this problem occurs with Windows Mobile 8.1.
  5. We are using exactly the same internet connection for all the devices. In our case, it is open internet on WiFi, and we are also using a 4G WWAN connection, so there should be no firewall issues either.
  6. We don’t know ADFS very well because we didn’t set up ADFS here. The person who did has left the company, and the client also doesn’t know the ADFS infrastructure very well.

Solution Statement

When users try to sign in to the Company Portal on Windows Phone 8.1, the attempt may fail. This problem occurs if you have enabled AD FS on-premises device registration. The sign-in failure is recorded as a user cancellation error in the Company Portal log.

To resolve this and unblock Intune access for Windows Phone 8.1 users, assign a False value to the DeviceAuthenticationEnabled setting in the AD FS global authentication policy. If your enterprise requires this setting to be enabled, direct your users to the web-based company portal experience at http://portal.manage.microsoft.com
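
One way to apply the change above with a record of the previous state, as an added example that is not part of the original post. It uses the standard AD FS cmdlets `Get-AdfsGlobalAuthenticationPolicy` and `Set-AdfsGlobalAuthenticationPolicy`; the function name `Disable-AdfsDeviceAuthentication` and the backup path are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Run on the primary AD FS server (Windows Server 2012 R2 or later).
# Function name and backup path are hypothetical, chosen for this example.
function Disable-AdfsDeviceAuthentication {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Where to keep a copy of the policy as it was before the change.
        [string]$BackupPath = "$env:TEMP\adfs-global-auth-policy-before.xml"
    )

    Import-Module ADFS -ErrorAction Stop

    # Record the current policy so the change can be reviewed and rolled back.
    # -WhatIf:$false makes sure the backup is written even during a preview run.
    $before = Get-AdfsGlobalAuthenticationPolicy
    $before | Export-Clixml -Path $BackupPath -WhatIf:$false
    Write-Verbose "Saved current policy to $BackupPath"

    if (-not $before.DeviceAuthenticationEnabled) {
        Write-Output 'DeviceAuthenticationEnabled is already False; nothing to change.'
        return
    }

    if ($PSCmdlet.ShouldProcess('AD FS global authentication policy',
                                'Set DeviceAuthenticationEnabled to False')) {
        Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $false
    }

    # Re-read the policy and report the value before and after the change.
    $after = Get-AdfsGlobalAuthenticationPolicy
    [pscustomobject]@{
        Before = $before.DeviceAuthenticationEnabled
        After  = $after.DeviceAuthenticationEnabled
    }
}

# Preview first; rerun without -WhatIf to apply.
Disable-AdfsDeviceAuthentication -WhatIf -Verbose
```

The global authentication policy applies to the whole AD FS farm, so this turns off device authentication for every relying party, not only Intune. To roll back, run `Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true`.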