This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 15%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKP%3C/text%3E%3C/svg%3E)
Hi All,
I am trying to auto enroll the Windows 10 21H1 devices to Intune. All devices are Hybrid AD but some how its not enrolling in to Intune.
The user ID are part of MDM auto enroll group, also group policy applied to all devices with user credential option.
We dont have conditional access policy or any conflicting policies
"Error: Auto MDM Enroll: Device Credential (0x0), Failed (Unknown Win32 Error code: 0x8018002a)
Warning: Auto MDM Enroll DmRaiseToastNotificationAndWait Failure (Unknown Win32 Error code: 0x8018002a)"
Tried rejoining the machine to Hybrid AD, manual enroll is working fine. Please advice on how to fix this issue
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@karthik palani , For the error "Auto MDM Enroll: Failed (Unknown Win32 Error code: 0x8018002a)", it may occur when multi-factor authentication (MFA) is Enforced. if prevents the enrollment. Please try one of the following methods to see if it ca be fixed:
Hope it can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
After disabling MFA, i got test machines enrolled automatically. So should i disable MFA for all users and perform the enrollment.
Or is there any other ways to follow. Please advice
@karthik palani , Thanks for the update. I am glad we find the issue.
From the above article, if says change MFA from enforced to enable can also work, maybe we can also try this method. If it works, we can use enable instead of enforced.
Hope it can work.
It was already in enabled mode, after disabling it got enrolled.
@karthik palani , Thanks for your update. If so, I think we need to temporary disable MFA before we do enrollment. After the enrollment complete, we can then enable it.
@karthik palani , Hope things are going well. If there's anything else we can help, feel free to le us know.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 65%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Hi @Crystal-MSFT ,
I have same issue where I excluded the device from the Conditional Access policy requiring "device compliance" but didn't disable MFA and its working. Now considering whether excluding Microsoft Intune and Microsoft Intune Enrollment from the Conditional Access policy would work, instead of disabling MFA for all users?