In my experience, I have found that a conditional access policy requiring MFA, or other conditions like a compliant device, can interfere with automatic enrolment, especially for hybrid joined devices. I had to exclude the Intune enrolment apps from the CA policies almost every time.
Microsoft Entra hybrid joined devices fail to enroll and generate error 0x8018002a
I have an issue when trying to enroll in Intune as Hybrid joined, and I am getting the error "Error: Auto MDM Enroll: Device Credential (0x0), Failed (Unknown Win32 Error code: 0x8018002a) Warning: Auto MDM Enroll DmRaiseToastNotificationAndWait Failure (Unknown Win32 Error code: 0x8018002a)". The user is part of an MFA conditional access policy and a "device should be compliant" conditional access policy. I excluded the device from the Conditional Access policy requiring "device compliance" but didn't disable MFA, and it started working. I'm now considering whether excluding Microsoft Intune and Microsoft Intune Enrollment from the Conditional Access policy would work, instead of disabling MFA for all users?
2 answers
Crystal-MSFT 52,216 Reputation points Microsoft Vendor
2025-02-14T01:16:11.3033333+00:00 @Muhammad Safeer Saqib, Thanks for posting in Q&A. Yes, the issue occurs when multifactor authentication (MFA) is Enforced.
To fix the issue, use one of the following methods:
- Set MFA to Enabled but not Enforced. For more information, see Set up multifactor authentication.
- Temporarily disable MFA during enrollment in Trusted IPs.
You can try the above suggestion to see if it can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
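As an added example (not from the thread or from Microsoft), the following Python check reads Conditional Access policy objects in the JSON shape returned by Microsoft Graph's conditionalAccessPolicy resource and reports which enabled policies still apply an MFA or compliant-device grant control to the Microsoft Intune and Microsoft Intune Enrollment apps, which is the exclusion the question asks about. The sample policies are constructed, and the two app IDs are the well-known first-party ones that should be verified against the tenant's Enterprise applications.

```python
"""Audit Conditional Access policies for MFA / compliant-device grant controls that
still apply to the Intune enrollment apps (added example, not from the thread).
Policies follow the Graph conditionalAccessPolicy JSON shape; samples are constructed."""

# Well-known first-party app IDs used for Conditional Access exclusions.
# Verify them against Enterprise applications in your tenant before relying on them.
INTUNE_APPS = {
    "0000000a-0000-0000-c000-000000000000": "Microsoft Intune",
    "d4ebce55-015a-49b5-a083-c84d1797ae8c": "Microsoft Intune Enrollment",
}
# Grant controls the thread identifies as interfering with automatic enrollment.
BLOCKING_CONTROLS = {"mfa", "compliantDevice"}

def policy_targets_app(policy: dict, app_id: str) -> bool:
    """True if an enabled policy covers app_id (directly or via 'All') without excluding it."""
    if policy.get("state") != "enabled":
        return False  # disabled and report-only policies do not enforce anything
    apps = policy.get("conditions", {}).get("applications", {})
    included = set(apps.get("includeApplications", []))
    excluded = set(apps.get("excludeApplications", []))
    return ("All" in included or app_id in included) and app_id not in excluded

def blocking_policies(policies: list) -> dict:
    """Map each Intune app name to the enabled policies that still impose a blocking control."""
    findings = {name: [] for name in INTUNE_APPS.values()}
    for policy in policies:
        controls = set((policy.get("grantControls") or {}).get("builtInControls", []))
        if not controls & BLOCKING_CONTROLS:
            continue
        for app_id, name in INTUNE_APPS.items():
            if policy_targets_app(policy, app_id):
                findings[name].append(policy["displayName"])
    return findings

# Constructed sample mirroring the thread: MFA policy with no exclusions, compliant-device policy that excludes both apps.
SAMPLE_POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"], "excludeApplications": []}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Require compliant device", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"],
                                     "excludeApplications": list(INTUNE_APPS)}},
     "grantControls": {"builtInControls": ["compliantDevice"]}},
]

if __name__ == "__main__":
    for app, names in blocking_policies(SAMPLE_POLICIES).items():
        print(f"{app}: {', '.join(names) or 'no blocking policies'}")
```

Feed it the output of a Graph export of your own policies (for example `Get-MgIdentityConditionalAccessPolicy` serialized to JSON) to confirm both apps are excluded before relying on the exclusion instead of relaxing MFA.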