October 03, 2018

5 Challenges in MDM Registration in Azure Intune


1. Windows Update

Windows Update shows the system as up to date, but the version needed for MDM registration does not install automatically and the update fails repeatedly.

Solution:

  • Open the URL below in any browser and upgrade your Windows 10 system online to the latest version needed.
  • URL: https://www.microsoft.com/en-us/software-download/windows10
  • You will find a home page as in the screenshot below. Click the UPDATE Now button. It will download an .exe file. Run the file, click the UPDATE Now button and press YES. (Please do not download any media creation file from the same link.)


This will upgrade your Windows 10 system to the latest version.

Please note: You can continue your work while the update downloads and installs. On completion, it will ask you to restart your system, which is mandatory. Make sure your system is on an uninterrupted power source during the update process.

2. Virus & Threat Protection or Windows Firewall are stopped after MDM Registration

Virus & Threat Protection and Windows Firewall both show as stopped in Windows Defender Security Center, even though the device is registered with Azure Intune.

Solution:

Open Registry Editor by typing “REGEDIT” in the search box and pressing Enter.
Navigate to:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

Right-click DisableAntiSpyware, choose Modify and set its value to “0”, as in the screenshot below.


Open the Windows Defender Security Center, as in the screenshot below:

  • Click on Firewall & Network Protection and enable it.
  • Click on the Restart button under Virus & Threat Protection.


3. Third Party Antivirus/Firewall Or Prior Intune agent installed

The device will show “Not Evaluated” after it is successfully registered in MDM. This could be due to a pre-existing Intune agent or other antivirus/firewall programs installed.

How to check whether a previous version of Intune is registered with Azure AD or any other antivirus software is installed on the system:

  • Uninstall all pre-installed endpoint security or antivirus software, if any.
  • If Intune appears to be installed but you cannot see the program in the App Control panel, check for and remove the previously installed Intune endpoint security using Command Prompt:
    • Open “Command Prompt” with Run as Administrator.
    • Change the directory to C:\Program Files\Microsoft\OnlineManagement\Common
    • If the file “exe” is not there, there is no Intune installation history and there is no need to follow the remaining steps.
    • Collect the service ID value from the registry key:
    • HKLM\SOFTWARE\Microsoft\OnlineManagement
    • Run the command: exe /UninstallClient /ServiceId "{<service ID>}" /TaskName "tempTask" /SubEventId 16

4. Make sure the Enterprise Mobility & Security E3 License is Enabled

Even though the device is registered with Azure AD and Azure Intune, it will show Not Compliant if the Enterprise Mobility & Security E3 license is not issued to the user registered with AAD.

The Enterprise Mobility & Security E3 license should be enabled in Office365 for the user to make the device COMPLIANT in Azure AD.

5. Device will show “Not Evaluated” if User Account Control (UAC) is not enabled

Even though the device is registered with Azure AD and Azure Intune, it will show Not Evaluated in the Azure portal if UAC is not enabled on your system.

It is mandatory to enable UAC to enroll your system in Azure Intune.

Follow the process below to enable UAC on your system to protect against unauthorized changes, and keep the settings as in the screenshot below.


You may use the following command to enable UAC from the Command Prompt. Open CMD with Run as Administrator and run the command below.

C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f

  • Restart the device you are trying to register with Azure Intune.
  • Sync the device with AAD using the Work or School Account manually.
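
The settings from sections 2, 3 and 5 can be checked in one read-only pass before syncing. The script below is an added example, not part of the original article: Get-RegValue is a hypothetical helper name, and treating an absent DisableAntiSpyware value as passing is an assumption.

```powershell
# Added example: read-only check of the settings named in sections 2, 3 and 5.
# It changes nothing; it only reports what it finds on the local device.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns nothing ($null) when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$results = @()

# Section 2: a DisableAntiSpyware policy value other than 0 keeps Defender off.
$das = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' 'DisableAntiSpyware'
$results += [pscustomobject]@{
    Check = 'DisableAntiSpyware policy'
    Found = if ($null -eq $das) { 'not set' } else { $das }
    Pass  = ($null -eq $das) -or ($das -eq 0)   # assumption: absent counts as OK
}

# Section 2: every Windows Firewall profile should be enabled.
foreach ($fw in Get-NetFirewallProfile) {
    $results += [pscustomobject]@{
        Check = "Firewall profile $($fw.Name)"
        Found = "$($fw.Enabled)"
        Pass  = ("$($fw.Enabled)" -eq 'True')
    }
}

# Section 3: traces of a previously installed Intune agent.
$legacy = @('HKLM:\SOFTWARE\Microsoft\OnlineManagement',
            'C:\Program Files\Microsoft\OnlineManagement\Common') |
    Where-Object { Test-Path $_ }
$results += [pscustomobject]@{
    Check = 'Legacy Intune agent traces'
    Found = if ($legacy) { $legacy -join '; ' } else { 'none' }
    Pass  = -not $legacy
}

# Section 5: UAC is on when EnableLUA is 1.
$lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
$results += [pscustomobject]@{
    Check = 'UAC (EnableLUA)'
    Found = if ($null -eq $lua) { 'not set' } else { $lua }
    Pass  = ($lua -eq 1)
}

$results | Format-Table -AutoSize
```

Any row with Pass = False points back to the section of this article that covers the fix.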
