tst3541
Copper Contributor
Dec 16, 2024

PPKG didn't join device in Intune, although it should

AzureAD joined device via PPKG didn't enroll in Intune | Microsoft Community Hub → an old reference; I seem to have the same problem.

So before the tip comes up: yes, I configured the MDM scope.

The user I created the token with in the WCD is in there.
The funniest thing is, it worked before, up until the end of November; everything went fine. I had to do some scripting around the bulk joining, but those problems are solved.

So all of a sudden it stopped working.
No, the tokens I used are still valid, and I created new ones.
For several departments I do multiple PPKGs in different subfolders.
I let them run through PowerShell.
So no errors; when the device restarts, no Intune join, but why?
In the error logs (if I looked in the correct one) there are errors with no substance, like unknown error 0x00...
Any leads?
Was there an update in any form on MS side? Anything?

Just to be sure, I made the MDM scope All, as you can see in the screenshot.
So 2 days, no progress; now I'm here.

  • tst3541
    Copper Contributor

    I got my solution.

    I had to disable MFA for the Intune join, so now my token user mustn't use its nonexistent MFA.

  • ItsBhatti
    Brass Contributor

    If a PPKG didn’t join the device to Intune:

    1. Check PPKG Configuration: Ensure it’s set up correctly for Intune enrollment.
    2. Network Connection: Verify the device has internet access during setup.
    3. Licensing: Confirm the device and user have proper Intune licenses.
    4. Time Sync: Ensure the system time and date are accurate.
    5. Reapply PPKG: Retry applying the provisioning package.
    6. Logs: Check event logs for errors during the PPKG application process.
  • kyazaferr
    Steel Contributor

    Let's troubleshoot this Intune device enrollment issue systematically:

    1. Preliminary Checks:
    • Confirm MDM scope is set to "All"
    • Verify the user creating the token has:
      • Proper Intune licenses
      • Azure AD joining permissions
      • Enrollment rights
    2. Diagnostic Steps:

    # Check current MDM information
    Get-MsolCompanyInformation | Select-Object *mdm*

    # Verify Intune enrollment status
    Get-MsolDevice -All | Where-Object {$_.DeviceTrustType -eq "Azure AD Joined"}

    3. Potential Troubleshooting Areas:
    • Recent Microsoft Updates: Check if there were any Intune or Azure AD Connect updates in late November/early December
    • Verify Conditional Access policies
    • Check Azure AD join and Intune enrollment logs:
      • Windows Event Viewer → Applications and Services Logs → Microsoft → Windows → DeviceManagement-Enterprise-Diagnostics-Provider
      • Microsoft Intune management extension logs
      • Azure AD Connect sync logs
    4. Additional Verification:

    # Check device registration status
    dsregcmd /status

    # Verify Intune enrollment
    Start-Process "ms-device-enrollment:?mode=mdm"

    5. Common Causes to Investigate:
    • Token validity
    • Licensing changes
    • Conditional Access policy modifications
    • Network/proxy configuration alterations
    • Unexpected Windows updates
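
An added example, not part of any reply in this thread: a PowerShell triage script that combines the two local checks named above (`dsregcmd /status` and the DeviceManagement-Enterprise-Diagnostics-Provider log) to tell a failed join apart from a join that never enrolled in MDM. The function names, the 24-hour window and the hint texts are assumptions made for illustration.

```powershell
# Added triage example, not code from the thread. Run elevated on the affected device.

function Get-DsregField {
    param([string[]]$StatusLines, [string]$Name)
    # dsregcmd /status prints "Name : Value" pairs; return the first value or $null.
    foreach ($line in $StatusLines) {
        if ($line -match "^\s*$([regex]::Escape($Name))\s*:\s*(.*)$") {
            return $Matches[1].Trim()
        }
    }
    return $null
}

function Test-PpkgEnrollment {
    param([int]$Hours = 24)   # look-back window, an assumption

    $status = & dsregcmd.exe /status
    $joined = Get-DsregField -StatusLines $status -Name 'AzureAdJoined'
    $mdmUrl = Get-DsregField -StatusLines $status -Name 'MdmUrl'

    # Admin channel of the provider log named in the reply above.
    $log = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
    $events = @(Get-WinEvent -FilterHashtable @{
            LogName = $log; Level = 2, 3; StartTime = (Get-Date).AddHours(-$Hours)
        } -ErrorAction SilentlyContinue)

    $hint = if ($joined -ne 'YES') {
        'Device is not Azure AD joined: the PPKG join step itself failed.'
    } elseif (-not $mdmUrl) {
        'Joined without an MDM URL: recheck MDM user scope and licence of the token account.'
    } elseif ($events.Count -gt 0) {
        'Enrollment was attempted and logged errors: review them, then the token ' +
        'account sign-ins for Conditional Access or MFA failures.'
    } else {
        'Joined, MDM URL present, no recent errors: enrollment may still be pending.'
    }

    [pscustomobject]@{
        AzureAdJoined = $joined
        MdmUrl        = $mdmUrl
        ErrorCount    = $events.Count
        Hint          = $hint
        Events        = $events | Select-Object TimeCreated, Id, LevelDisplayName, Message
    }
}

Test-PpkgEnrollment | Format-List AzureAdJoined, MdmUrl, ErrorCount, Hint
```

The third branch matches the resolution reported in this thread: the device joins, but the token account's enrollment sign-in is blocked by an MFA requirement.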
