Manually restart the enrollment of a Windows 10 machine in Intune without losing the configuration and the Azure AD join

In this article, I’m going to give you a method I used to re-trigger the enrollment of a Windows 10 device in Intune.

First of all, you should know that all troubleshooting starts with a study of logs and error codes. So, I invite you to first check whether your message corresponds to one of those listed on the Microsoft Docs page about troubleshooting enrollment: https://docs.microsoft.com/fr-fr/mem/intune/enrollment/troubleshoot-windows-enrollment-errors

My case was quite special:

  • No error message under Device Sync Status
  • The scheduled task normally found under Microsoft > Windows > EnterpriseMgmt did not exist
  • The certificate issued by “Microsoft Intune MDM Device CA” was missing

What I had to help me:

  • Various errors in the Event Viewer (under Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider), from which I could deduce that the enrollment had started but was interrupted

Steps:

  • One of the first things you would be tempted to do is disconnect your machine from Azure AD and reconnect it again. This will cause you to lose the established configurations.
  • The method I suggest cleans up the relevant registry entries and then restarts the enrollment in Intune with a command. Run it from an elevated PowerShell session:
# Registry key under which the enrollment entries are stored
$EnrollmentsPath = "HKLM:\SOFTWARE\Microsoft\Enrollments\"
$Enrollments = Get-ChildItem -Path $EnrollmentsPath
foreach ($Enrollment in $Enrollments)
{
    $EnrollmentObject = Get-ItemProperty Registry::$Enrollment
    # Only touch the entry whose discovery URL is the Intune enrollment service
    if ($EnrollmentObject."DiscoveryServiceFullURL" -eq "https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc")
    {
        $EnrollmentPath = $EnrollmentsPath + $EnrollmentObject."PSChildName"
        # Delete the interrupted enrollment entry and its subkeys
        Remove-Item -Path $EnrollmentPath -Recurse
        # Restart MDM auto-enrollment; the arguments must sit outside the quoted path
        & "C:\Windows\System32\deviceenroller.exe" /c /AutoEnrollMDM
    }
}

The purpose of the above code is to search the registry under HKLM\SOFTWARE\Microsoft\Enrollments for entries related to the enrollment process. In our example, we match on the DiscoveryServiceFullURL property and delete the corresponding entry, then restart the enrollment with deviceenroller.exe.
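Before deleting anything, the three symptoms listed earlier can be confirmed and the matching registry entries backed up. The following PowerShell is an added example, not the author's script; the certificate store (LocalMachine\My), the /Admin event channel name and the backup folder C:\Temp\EnrollmentBackup are assumptions.

```powershell
# Added example: read-only pre-check plus registry backup. Run elevated.
# Assumptions (not from the article): cert store LocalMachine\My, the /Admin
# event channel, and the backup folder below.
$DiscoveryUrl    = "https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc"
$EnrollmentsPath = "HKLM:\SOFTWARE\Microsoft\Enrollments"
$BackupDir       = "C:\Temp\EnrollmentBackup"   # hypothetical location

# 1. Scheduled tasks under Microsoft > Windows > EnterpriseMgmt
$Tasks = Get-ScheduledTask -TaskPath "\Microsoft\Windows\EnterpriseMgmt\*" -ErrorAction SilentlyContinue

# 2. Certificate issued by "Microsoft Intune MDM Device CA"
$Certs = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "*Microsoft Intune MDM Device CA*" }

# 3. Recent errors (level 2) and warnings (level 3) from the enrollment provider
$Events = Get-WinEvent -FilterHashtable @{
    LogName = "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin"
    Level   = 2, 3
} -MaxEvents 20 -ErrorAction SilentlyContinue

# 4. Enrollment entries that the cleanup script would delete
$Stale = Get-ChildItem -Path $EnrollmentsPath | Where-Object {
    (Get-ItemProperty -Path $_.PSPath).DiscoveryServiceFullURL -eq $DiscoveryUrl
}

# Summary: zero tasks and zero certs with a matching key fits the interrupted-enrollment case
[pscustomobject]@{
    EnterpriseMgmtTasks = ($Tasks  | Measure-Object).Count
    IntuneMdmCerts      = ($Certs  | Measure-Object).Count
    RecentErrorEvents   = ($Events | Measure-Object).Count
    MatchingEnrollments = ($Stale  | Measure-Object).Count
} | Format-List

$Events | Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-Table -Wrap

# Export each matching key to a .reg file so the deletion can be reverted
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($Key in $Stale) {
    $File = Join-Path $BackupDir ("{0}.reg" -f $Key.PSChildName)
    & reg.exe export $Key.Name $File /y | Out-Null
    "{0} backed up to {1}" -f $Key.Name, $File
}
```

Running the same check after re-enrollment should show the scheduled tasks and the certificate present again.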

A restart may be necessary before going further. In that case, once the machine has restarted, run the enrollment command again on its own:

C:\Windows\system32\deviceenroller.exe /c /AutoEnrollMDM

Your machine should then be listed on Azure AD as being managed by Intune as MDM.
