Devices Not Enrolling in Intune Despite Correct MDM Configuration

TARIQ HANIF 5 Reputation points
2025-02-28T07:30:39.3933333+00:00

I'm working in a hybrid environment, and all of my devices show up as "Hybrid Azure AD joined" in Azure, which is great. However, the issue is that some devices are successfully enrolling into Intune, while others are not.

I've already verified the following settings but am still unable to get auto-enrollment working:

  • MDM authority is set to Intune
  • MDM URL is properly configured in Azure AD
  • MDM scope is set to "All"
  • MAM URL scope is set to "None"
  • GPO "Enable Automatic MDM Enrollment using default Azure AD Credentials - Set to User Credentials" is properly applied

Despite these configurations, the Event Viewer shows the following error:

Auto MDM Enroll Get AAD Token: Device Credential (0x0), Resource Url (NULL), Resource Url 2 (NULL), Status (Mobile Device Management (MDM) is not configured.)

Auto MDM Enroll: Device Credential (0x0), Failed (Mobile Device Management (MDM) is not configured.)

Any suggestions on what could be causing this issue or any additional steps I should check?


1 answer

  1. Xenia-MSFT 5,005 Reputation points Microsoft External Staff
    2025-03-03T01:41:09.8566667+00:00

    @TARIQ HANIF Thanks for posting in our Q&A.

    For this issue, we appreciate your help to collect some information:

    1. Ensure that all users logging into the devices have Microsoft Intune licenses assigned.

    2. Make sure the devices are properly Microsoft Entra hybrid joined (previously known as Hybrid Azure AD joined). You can verify this by running the dsregcmd /status command on the devices and checking the AzureADJoined, DomainJoined and AzureAdPrt statuses.

    3. Double-check that the Group Policy Object (GPO) for automatic MDM enrollment is correctly configured. The GPO should be set to use user credentials, and it should be applied to the correct Organizational Units (OUs) containing the devices.

    4. As Rahul Jindal said, please check if there are any Conditional Access policies that might be enforcing Multi-Factor Authentication (MFA) for the users. MFA can sometimes interfere with the enrollment process.

    If there is any update, feel free to let us know.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
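The checks in the answer above (dsregcmd join state and PRT, the auto-enrollment GPO, and the Event Viewer messages quoted in the question) can be gathered in one pass. The script below is an added example, not code from the thread, from Microsoft, or from Intune itself. It assumes the registry path and value names that the "Enable automatic MDM enrollment using default Azure AD credentials" GPO writes, the DeviceManagement-Enterprise-Diagnostics-Provider event channel with IDs 75 (success) and 76 (failure), and the EnterpriseMgmt scheduled-task path are the standard documented ones; none of these values appear in the question, so confirm them for your Windows build.

```powershell
<#
  Added example (not from the thread or from Microsoft). Run from an elevated
  PowerShell prompt in the session of the user whose device fails to enroll,
  because the PRT and the enrollment events are user-scoped.
  Assumed (verify for your environment): GPO registry path/values, event
  channel and IDs 75/76, and the scheduled-task path used below.
#>

function Get-DsregStatus {
    # Parse "dsregcmd /status" into a case-insensitive Key -> Value table.
    $status = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*([^:|+]+?)\s*:\s*(.*)$') {
            $status[$matches[1]] = $matches[2].Trim()
        }
    }
    return $status
}

function Test-AutoEnrollmentPrereqs {
    $ds = Get-DsregStatus
    $results = [System.Collections.Generic.List[object]]::new()

    # 1. Join state and PRT: the three fields the answer asks to check.
    foreach ($key in 'AzureAdJoined', 'DomainJoined', 'AzureAdPrt') {
        $results.Add([pscustomobject]@{
            Check = "dsregcmd $key"
            Value = $ds[$key]
            Pass  = ($ds[$key] -eq 'YES')
        })
    }

    # 2. GPO registry footprint (assumed path and values; 1 = user credential).
    $mdmKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
    $policy = Get-ItemProperty -Path $mdmKey -ErrorAction SilentlyContinue
    $results.Add([pscustomobject]@{
        Check = 'GPO AutoEnrollMDM = 1'
        Value = $policy.AutoEnrollMDM
        Pass  = ($policy.AutoEnrollMDM -eq 1)
    })
    $results.Add([pscustomobject]@{
        Check = 'GPO UseAADCredentialType = 1 (user credential)'
        Value = $policy.UseAADCredentialType
        Pass  = ($policy.UseAADCredentialType -eq 1)
    })

    # 3. Scheduled task the GPO creates to trigger enrollment (assumed task path).
    $task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\' -ErrorAction SilentlyContinue |
            Where-Object TaskName -like '*automatically enrolling in MDM*'
    $taskValue = 'missing'
    if ($task) { $taskValue = $task.State }
    $results.Add([pscustomobject]@{
        Check = 'Auto-enrollment scheduled task present'
        Value = $taskValue
        Pass  = [bool]$task
    })

    # 4. Most recent auto-enrollment event (assumed IDs: 75 = success, 76 = failure).
    #    This is the channel the "Auto MDM Enroll: ... Failed" message in the question comes from.
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
        Id      = 75, 76
    } -MaxEvents 5 -ErrorAction SilentlyContinue
    $last = $events | Select-Object -First 1
    $eventValue = 'none logged'
    if ($last) { $eventValue = "$($last.TimeCreated) id=$($last.Id): $($last.Message)" }
    $results.Add([pscustomobject]@{
        Check = 'Last auto-enrollment event'
        Value = $eventValue
        Pass  = ($null -ne $last -and $last.Id -eq 75)
    })

    return $results
}

Test-AutoEnrollmentPrereqs | Format-Table -AutoSize -Wrap
```

A device where AzureAdJoined, DomainJoined and AzureAdPrt are all YES, both GPO values read 1 and the scheduled task exists, yet the last event is still ID 76 with "MDM is not configured", has its local prerequisites in place; that points back at the tenant-side items in the answer (Intune licensing for the signed-in user and Conditional Access requiring MFA) rather than at the device.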

