AUTOENROLLMENT FAILS WITH UNKNOWN ERROR 0x80180001 & 0x8018002a

Recently a customer called to say that automatic enrollment for MDM was not working as expected and that the clients were getting errors during MDM auto-enrollment. Easy, I thought, let’s have a look…

In the event log under Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider, the error Unknown Win32 Error code: 0x80180001 was triggered.

Usually you configure MDM Automatic enrollment using a GPO after your devices are Hybrid Joined (to do so, check that post here).

Since Windows 10 1903 this GPO policy has changed: you can now select Device or User authentication. If you select Device authentication, a device token is used to enroll the device, but this is not supported for Intune, according to this Docs article.

Another error in the event log also indicates that the GPO setting must be misconfigured:

MDM Enroll: Server Returned Fault/Code/Subcode/Value=(MessageFormat) Fault/Reason/Text=(Device based token is not supported for enrollment type OnPremiseGroupPolicyCoManaged 

As soon as this GPO policy is applied to a device, a scheduled task is created that triggers the enrollment process every 5 minutes.

You can find this task under \Microsoft\Windows\EnterpriseMgmt. If you check the arguments for this specific task, you will probably notice that the argument uses the string:

/c /AutoEnrollMDMUsingAADDeviceCredential

So device authentication is still being used, and this causes our error. Let’s change that to user authentication.

To test the enrollment with user auth, you can either change the GPO to user authentication (this did not change the scheduled task arguments in my case, even after reboots, gpupdate, etc.) or just manually change the string to:

/c /AutoEnrollMDMUsingAADUserCredential

After that, the devices started to auto enroll into Intune. Be aware that auto enrollment, enrollment restrictions and Azure AD device registration need to be enabled and configured for that.

Your users will receive a toast message that some account settings have been changed.

If you use Azure MFA, another error may show up in the event log without being displayed to the end user:

Auto MDM Enroll: Failed (Unknown Win32 Error code: 0x8018002a)

This will also block the enrollment process. You can avoid that by configuring an exclusion in Conditional Access for the “Microsoft Intune Enrollment” cloud app.
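The checks described in this post, as an added PowerShell example that is not part of the original post: it reports which credential switch the enrollment task under \Microsoft\Windows\EnterpriseMgmt uses, optionally applies the manual change to the user switch, and lists recent events carrying the two error codes. The function name and the `/Admin` log channel suffix are assumptions.

```powershell
# Added example, not from the original post. Task path, argument strings, log
# provider and error codes come from the post; the '/Admin' channel suffix and
# the function name Test-MdmAutoEnrollTask are assumptions. -Fix needs elevation.
function Test-MdmAutoEnrollTask {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Fix, [int]$MaxEvents = 200)

    $taskPath  = '\Microsoft\Windows\EnterpriseMgmt\'
    $deviceArg = '/AutoEnrollMDMUsingAADDeviceCredential'
    $userArg   = '/AutoEnrollMDMUsingAADUserCredential'

    $tasks = @(Get-ScheduledTask -TaskPath $taskPath -ErrorAction SilentlyContinue)
    if ($tasks.Count -eq 0) { Write-Warning "No tasks under $taskPath; is the GPO applied?" }

    $taskReport = foreach ($task in $tasks) {
        $taskArgs = @($task.Actions | ForEach-Object { $_.Arguments })
        $mode = 'Other'
        if ($taskArgs -match [regex]::Escape($userArg))   { $mode = 'User' }
        if ($taskArgs -match [regex]::Escape($deviceArg)) { $mode = 'Device' }

        # Same manual change the post describes: swap the device switch for the user one.
        if ($Fix -and $mode -eq 'Device' -and
            $PSCmdlet.ShouldProcess($task.TaskName, 'Use AAD user credential')) {
            foreach ($action in $task.Actions) {
                if ($action.Arguments) {
                    $action.Arguments = $action.Arguments -replace [regex]::Escape($deviceArg), $userArg
                }
            }
            $task | Set-ScheduledTask | Out-Null
            $mode = 'User (changed from Device)'
        }
        [pscustomobject]@{ Task = $task.TaskName; Credential = $mode; ArgumentsFound = $taskArgs -join ' | ' }
    }

    # Recent enrollment events that carry either error code from the post.
    $log   = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
    $hints = [ordered]@{
        '0x80180001' = 'Seen with device-credential enrollment; check the task arguments'
        '0x8018002a' = 'Seen with Azure MFA; review Conditional Access for Microsoft Intune Enrollment'
    }
    $eventReport = Get-WinEvent -LogName $log -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            foreach ($code in $hints.Keys) {
                if ($_.Message -match $code) {
                    [pscustomobject]@{ Time = $_.TimeCreated; Id = $_.Id; Code = $code; Hint = $hints[$code] }
                }
            }
        }
    [pscustomobject]@{ Tasks = @($taskReport); Events = @($eventReport) }
}
```

Run `(Test-MdmAutoEnrollTask).Tasks` to audit only, or `Test-MdmAutoEnrollTask -Fix -WhatIf` to preview the argument change before applying it.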

Hope this helps!

MY UPCOMING SPEAKING ENGAGEMENT

It is going to be a busy time until the end of November!
I’m very proud to be a part of some great conferences and user groups to present about Modern Workplace stuff like Modern Device Management and Microsoft 365 Governance.

AZURE USER GROUP ZURICH
Already next week you can join me at the Azure User Group in Zurich. There is a full track about Digital Cloud Workplace and how to move from a “legacy” management to a modern cloud (enabled) management or, better said, to a Modern Workplace! Of course, using tools from the Microsoft 365 products. If you would like to join, check out the agenda and register now for the MeetUp in Zurich:

Tuesday, October 29, 2019
Digital Cloud Workplace at Azure Zurich User Group

EXPERTS LIVE EUROPE
I am happy to let you know that I will be speaking at Experts Live Europe 2019 in Prague. The conference will be held from November 20-22, 2019. This is huge for me and I’m very happy to be a part of this conference, especially as a speaker this year. If you’re interested in joining, you can find more details about the conference here:

Wednesday – Friday, November 20-22, 2019
Experts Live Europe 2019, Prague
My session – 10:30, Club E!

GEEKMANIA
Also in November, on the 29th, we will be at a community event called Geekmania in Zurich, Switzerland. This event covers two tracks, one for Azure and another one for Microsoft 365. I’m happy to provide two sessions in the afternoon.
In the first session I will show why and how you can use Microsoft 365, and in the second session we will talk about Modern Device Management. Would be cool to see you there, and if you have any, bring some questions!

Friday, November 29, 2019
geekmania 2019, Zurich, Switzerland

#COMMUNITYPOWER

SPEAKING ENGAGEMENT

SPEAKING AT EXPERTS LIVE SWITZERLAND 2019

I’m excited to be chosen as a speaker at Experts Live Switzerland 2019. Experts Live Switzerland 2019 will take place on June 20 in the Workspace Welle 7 in Bern, Switzerland. Experts Live Switzerland is a one-day event with 17 sessions in three parallel tracks focusing on Microsoft Cloud, Datacenter and Modern Workplace topics, with Microsoft MVPs, speakers from Microsoft and other industry experts.

I am happy to speak about Modern Workplace and how you can move from a classic or legacy deployment to a new Modern Device deployment. This will cover some Microsoft 365 features like Windows 10, Autopilot & Intune.

Check out the Experts Live Switzerland for more detailed information. Would be cool to see you there!