Three reasons why Microsoft Intune enrolment fails (and how to fix them)



Whether corporate-owned or user-provided, endpoint devices can pose serious issues for security administrators. Online criminals frequently target endpoint devices, especially if they are old or out of date, and lax device management can encourage malicious-minded users to steal data. But devices are how we access technology services and resources—removing them holds no benefit at all.

 

Many organisations depend on Microsoft Intune to manage the wide range and depth of available devices. This cloud-based service helps manage company and personal devices (mobile devices, laptops, desktops, tablets, and IoT or 'machine' devices) across their deployment, update, and removal lifecycles.

 

Intune is very powerful, often offering more than many other mobile device management (MDM) services.

 

It integrates with other Microsoft services like Microsoft Entra ID, Microsoft Defender for Endpoint, and Windows Autopilot (for automated device configuration). It offers self-service features and automation capabilities that take pressure off administrators and security teams.

 

However, Intune enrolments can fail, and administrators must intervene to resolve the problem. Several issues can lead to such failures, sometimes on the Intune platform but often due to device misconfigurations.

 

Performanta's experts help our customers resolve Intune issues. We've noted that the most common problems fall into one of three areas: Intune licence assignments, duplicate devices, and misconfigurations.

 

Intune licence assignments

Many enrolment issues relate to licence assignment problems, such as invalid or duplicate licences, or reaching the limits of licence conditions. Some common errors include:

 

  • This Account is Not Allowed on This Phone: The device needs a valid Intune licence assigned to it.  

  • User Name Not Recognised/Unauthorised to use Intune: Check the username among the Intune admin centre's active users and assign a valid licence.


  • Profile installation failed: This error can relate to multiple problems, such as being unable to reach the Intune configuration server due to a network issue. Still, this problem often occurs because the user has no valid licence.


  • Device Cap Reached: This is not really a licensing issue, though licences can dictate how many devices a user can enrol. In the Admin centre, check how many devices the user has enrolled, and check or change the device limits. Also, periodically remove stale devices.
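
The licence and device-count checks above can be run for a single user before retrying enrolment. The script below is an added example, not Performanta's or Microsoft's own tooling. It assumes the Microsoft Graph PowerShell SDK is installed, and the UPN, the 30-day staleness threshold, and the `INTUNE_A` service plan name (Intune Plan 1) are assumptions to adjust for your tenant.

```powershell
# Added example: read-only pre-enrolment check for one user (Microsoft Graph PowerShell SDK).
# Assumptions: placeholder UPN, a 30-day staleness threshold, and the 'INTUNE_A'
# service plan name (Intune Plan 1); adjust for the SKUs in your tenant.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users, Microsoft.Graph.DeviceManagement
param(
    [string]$UserPrincipalName = 'user@example.com',
    [int]$StaleAfterDays = 30
)

# Read-only scopes: the script reports, it never changes licences or devices.
Connect-MgGraph -Scopes 'User.Read.All', 'DeviceManagementManagedDevices.Read.All'

# 1. Does the user hold an enabled Intune service plan?
$intunePlans = @(Get-MgUserLicenseDetail -UserId $UserPrincipalName |
    ForEach-Object { $_.ServicePlans } |
    Where-Object { $_.ServicePlanName -eq 'INTUNE_A' -and $_.ProvisioningStatus -eq 'Success' })

# 2. How many devices has the user enrolled, and which have stopped checking in?
$devices = @(Get-MgDeviceManagementManagedDevice -All -Filter "userPrincipalName eq '$UserPrincipalName'")
$cutoff  = (Get-Date).ToUniversalTime().AddDays(-$StaleAfterDays)
$stale   = @($devices | Where-Object { $_.LastSyncDateTime -lt $cutoff })

# Summary to compare against the device limit configured in the admin centre.
[pscustomobject]@{
    User             = $UserPrincipalName
    HasIntuneLicence = $intunePlans.Count -gt 0
    EnrolledDevices  = $devices.Count
    StaleDevices     = $stale.Count
}

# Stale candidates for review before anyone removes them in the admin centre.
$stale | Sort-Object LastSyncDateTime |
    Select-Object DeviceName, OperatingSystem, LastSyncDateTime, ManagedDeviceOwnerType
```

The script only requests read scopes, so removing a stale device remains a deliberate step taken by an administrator after reviewing the list.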

 

Duplicate devices

Intune blocks attempts to enrol duplicate devices, devices that already have another MDM service on them, and devices that users have reset and then tried to enrol again as new devices:

 

  • The Device/Machine is Already Enrolled: A different user has already enrolled the device, or another MDM service is managing the device. Revoke that account's access or remove the previous MDM software, then re-enrol the device.  

  • The Device is Already Enrolled in Another Organization/Managed by Another Service: This error often happens when a new user's device is still enrolled with their previous organisation, which must remove the device from their Intune and Entra ID records before it can be enrolled.

 

Device/Service misconfigurations

Several problems can occur when enrolling devices that have not been configured correctly, or when Intune's configuration does not allow certain enrolment scenarios:

 

  • Error: 80180014: This error often appears when someone tries to enrol a personal device, but Intune is not configured to allow management of personal devices. It also often surfaces when Windows Autopilot cannot implement preset configurations. In Intune's Admin Centre, go to Enrollment Device Platform Restrictions and enable personal devices.


  • Profile installation failed: Several issues can create this error. The most common reasons are restrictions on certain devices (particularly those running Apple's iOS) and enrolling a device already enrolled under a different user or MDM service. It could also result from a licensing issue. Solutions include changing the on-device management profile, resetting the device, and changing relevant profile settings in Intune.


  • ADE Enrollment Stuck at User Login: Apple devices can use an Apple Automated Device Enrollment (ADE) service, which does not support multi-factor authentication (MFA) during enrolment. To fix this error, temporarily disable MFA for that user, then re-enable it after they enrol the device.


  • The Device is Not Compatible with Intune: The device or its operating system's version is incompatible with Intune. Check if it meets Intune's minimum requirements and update the operating system. Compatibility issues can also occur due to licence limitations or enrolment methods.

 

Microsoft Intune is powerful and has many layers. Sometimes, an error can point to multiple issues and complicate troubleshooting. But don't waste hours trying to find the issue or compromise your Intune security by opening the doors to more devices than necessary.

 

Performanta are experts in configuring Intune based on your device and user profiles. If you struggle to get Intune to cover your workforce, contact us, and let us help guide you in creating airtight device management in your Microsoft environment.
