Hybrid Domain Joined ;1 out of 200 users is not enrolling to Intune
Question
Hi Folks,
I need your advice regarding 1 user who cannot enroll in Intune.
Hybrid DOmain Joined: 1 out of 200 users is not enrolling to Intune. it is due to
AzureADPRT: no and
isUserAzureAD: no
on disregard status. Tenant Name, MDMUrl are empty. I found out as well that on some users, by default they can log in via Microsoft acct or domain acct on Windows w/o VPN.
whereas this user, you can’t. you need to have VPN in order to log in from domain to Microsoft acct or vice versa on Windows when switching users.
This user has changed from UPN2 to UPN1 a year ago. I can confirm that on AAD and AD, they are matched. The license is there. tried rejoining the devices to Azure AD and doing hybrid.
If I am doing this, I make sure that before I push the enrollment script, the device is already set to Hybrid on AzureAD, if not I will force it via disregard /join and wait for sync.
I’ve tried using another test hardware using the account and they are having the same issue.
Can you advise what logs should I get aside from these things?
MDM error is just Credential Error (0x0),
I believe this problem is on AzureAD or account not on Intune.
Published by Jstn GZ in HTMD FB Group
Answer ( 1 )
Replied by Seenivasan Balaji
Raise a case with MS as your PRT token issue should be resolved
Replied by Jstn GZ
Author
under AAD event viewer:
0xCAA90022 check ADFS setting
WS-Trust 1.3
Checking if relevant or not