It seems as if you can’t have more than one MDM provider registered in Azure AD for this to work properly. That would be the device enrollment status page (ESP): During the device preparation step, a few steps are performed: You can delete the extra entry (typically “Microsoft Intune Enrollment,” which is apparently used in some Conditional Access scenarios, although if you are doing auto-enrollment with any other MDM services, they would be listed here too) to get past this problem. Make sure you are still in Intune and in the “Mobile Apps / Apps” blade. Of course it does, I just need to read properly. Sorry.

Feature highlights. In this example, scepuser@c2company.com. Do you know if there is a way to automate a batch with PowerShell if we have a file containing the users matched with devices? But that’s not your problem anyway. That’s covered in the blog, starting with the “The device will enroll in Intune using the device token” sentence. This allows the device to prove that it’s not an imposter, so Azure AD will then provide it with an Azure AD device token that can be used to join the device to Azure AD and enroll in Intune. First, create a self-deploying mode Autopilot profile: Notice that there are only a few settings: Next, you need to assign that self-deploying profile to an Azure AD group, then you need to add the Azure AD device object (created when you register a device with Windows Autopilot). We then set up Intune to connect to the VPP through the token and then synchronized Intune with VPP so that all purchased apps are now visible within Intune. A choice as to whether the user should get admin rights. Assign an Intune license to enable the Intune-only features. The TPM attestation process is performed. Is it possible to use self-deploying mode like user-driven mode when you set up a new machine from a USB key with autounattend.xml and placing the AutoPilotConfigurationFile.json at the correct position, or is this still not supported, and the machine needs to be registered first with a hardware hash? Let us understand what the primary user is in Microsoft Intune and how to use this feature. You must assign each user an Intune license before users can enroll their devices in Intune. Click Users, select the added SCEP User, and then click Licenses.

Know anything about this? For the last few years I have been working on multiple technologies such as SCCM / Configuration Manager, Intune, Azure, Security etc. I’m in the same situation as you, did you find a solution? That’s easy enough if there is exactly one MDM app defined in your Azure AD settings. Note – Ensure the new primary user is licensed with a Microsoft Intune License. On the Register an application page, specify the following: On the app Overview page, take note of the. You can perform the following things with this new feature: The device gets the profile, setup completes successfully, enrolls into Intune and the Kiosk device configuration profile comes through and fails as the Kiosk browser is not yet installed. Notice that we now have a much longer list of languages/region settings in the list (after many of you complained): A second setting that lets you specify to “Automatically configure keyboard.” Why is this separate?

If you’ve only targeted ESP settings to Azure AD groups, you won’t see your settings being used – the settings are only used for users, not for devices. After you wipe a managed device from Intune in the Azure portal, the device state remains as Wipe pending. If not already configured, you will be prompted to choose the Mobile Device Management Authority (MDM Authority).