Device is not MDM enrolled yet

  • Question

  • From CoManagementHandler.log I get these lines:

    Device is not MDM enrolled yet. All workloads are managed by SCCM.
    Co-management is disabled but expected to be enabled.
    Workloads rules are not compliant.
    Device is not aad joined yet.

    I just enabled co-management today with workload to pilot and to collection. Naturally computers are members of that collection.
    Before that I did:
    - AD Connect sync with password hash.
    - SSO enabled in ADConnect
    - SCCM Client Policy Default settings allows automatic mdm enrollment
    - Group Policy allows automatic mdm enrollment
    - Intune MDM and MAM are allowed to all.
    - SCP is configured via ADConnect
    - All workloads are applied to Pilot Collection

    My SCCM is in https mode and upgraded to 2002 version.

    - In AzureAD I see new onprem devices
    - In Intune I see new onprem devices
    - In SCCM console, Azure Tenant ID is 00000


    MCSA Win10, MCSE Mobility, MCSA M365.



    Wednesday, April 22, 2020 10:32 AM

All replies

  • Hi,

    Have you set up Hybrid Azure AD join? I would bet that is the issue, from your log file above:

    "Device is not aad joined yet."

    If you run DSRegcmd /status on the device, is it Hybrid Azure AD joined? I would start there.

    Regards,

    Jörgen


    -- My Enterprise Mobility blog ccmexec.com -- Twitter @ccmexec

    Wednesday, April 22, 2020 2:54 PM
    Moderator
  • No, AAD join does not happen automatically. I have "auto mdm enroll error 0x8018002B" with Windows 10 1909, my MDM scope is set to All and MAM to None. I also see 0x80180026

    MCSA Win10, MCSE Mobility, MCSA M365.


    Wednesday, April 22, 2020 2:56 PM
  • Hi,

    One of the prereqs is that the client is AzureAD Joined or Hybrid AzureAD Joined. https://docs.microsoft.com/en-us/mem/configmgr/comanage/overview#azure-ad

    So I would start there.

    Regards,
    Jörgen


    -- My Enterprise Mobility blog ccmexec.com -- Twitter @ccmexec

    Wednesday, April 22, 2020 5:13 PM
    Moderator
  • I have done it like this: https://docs.microsoft.com/en-us/mem/configmgr/comanage/tutorial-co-manage-clients

    ...and the AD Connect enables the device configuration and Hybrid Azure AD join. I tried to describe the steps in the first post in as much detail as possible. Jörgen, do you have something specific in mind that I might have missed?

    MCSA Win10, MCSE Mobility, MCSA M365.


    Wednesday, April 22, 2020 7:18 PM
  • I had GPO set to disable MDM enrollment. I removed it and everything started working.

    MCSA Win10, MCSE Mobility, MCSA M365.


    Monday, April 27, 2020 5:23 AM
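
An added example, not part of the thread and not Microsoft's code: a PowerShell triage that combines the three checks raised above (join state from `dsregcmd /status`, the CoManagementHandler.log messages, and an MDM enrollment policy that contradicts auto-enrollment). The function name `Test-CoMgmtPrereq` is hypothetical, the sample inputs are constructed, and the policy registry key and its value names are not stated in the thread; they are the commonly documented location of the MDM enrollment Group Policy settings.

```powershell
function Test-CoMgmtPrereq {
    # $MdmPolicy is untyped so it accepts a hashtable or Get-ItemProperty output.
    param([string[]]$DsregOutput, [string[]]$LogLines, $MdmPolicy = @{})

    # dsregcmd prints "Name : VALUE" pairs; collect them into a lookup table.
    $state = @{}
    foreach ($line in $DsregOutput) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    $aad = $state['AzureAdJoined'] -eq 'YES'
    $dom = $state['DomainJoined'] -eq 'YES'
    $join = 'Not joined'
    if ($dom) { $join = 'Domain joined only' }
    if ($aad) { $join = 'Azure AD joined' }
    if ($aad -and $dom) { $join = 'Hybrid Azure AD joined' }

    $findings = @()
    if (-not $aad) { $findings += 'Join: device is not (hybrid) Azure AD joined' }
    # A policy that disables enrollment defeats the auto-enrollment settings.
    if ($MdmPolicy.DisableRegistration -eq 1) { $findings += 'Policy: MDM enrollment is disabled' }
    if ($MdmPolicy.AutoEnrollMDM -ne 1) { $findings += 'Policy: automatic MDM enrollment is not enabled' }
    # Report the CoManagementHandler.log messages quoted in the question.
    foreach ($msg in 'Device is not MDM enrolled yet', 'Device is not aad joined yet',
                     'Co-management is disabled but expected to be enabled') {
        if ($LogLines -match [regex]::Escape($msg)) { $findings += "Log: $msg" }
    }
    [pscustomobject]@{ JoinState = $join; Findings = $findings }
}

# Constructed sample input. On a real client, collect it like this instead:
#   $dsreg = dsregcmd /status
#   $log   = Get-Content '<path to CoManagementHandler.log>'
#   $pol   = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM' -ErrorAction SilentlyContinue
$dsreg = @('AzureAdJoined : NO', 'DomainJoined : YES')
$log = @(
    'Device is not MDM enrolled yet. All workloads are managed by SCCM.',
    'Co-management is disabled but expected to be enabled.',
    'Device is not aad joined yet.'
)
$pol = @{ DisableRegistration = 1; AutoEnrollMDM = 1 }

Test-CoMgmtPrereq -DsregOutput $dsreg -LogLines $log -MdmPolicy $pol | Format-List
```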