Fixing Windows clients Intune automatic enrollment issues using PowerShell
If you are using automatic enrollment of your clients to Intune (via GPO or SCCM), you've probably encountered a situation when some of the clients failed to enroll. You could find this out by accident or by using my Intune clients report.
And I am talking about situations when all prerequisites are met and 95% of your clients have enrolled without any issues ๐.
I was facing such issue for several weeks now, but finally, I manage to create a working PowerShell function Reset-IntuneEnrollment that solves all enrollment issues (at least for us). Hopefully, it will help you too ๐
Reset-IntuneEnrollment function will:
- check actual device Intune status
- invoke Hybrid AzureAD join reset
- remove device record(s) from Intune
- remove local client Intune enrollment data
- invoke Intune re-enrollment
Btw this DSRegTool PowerShell script can help you too diagnose your registration/enrollment problems.
Prerequisites
- admin credentials for your Intune environment
- admin rights
- PowerShell modules
- Microsoft.Graph.Intune
- ActiveDirectory
- my custom PowerShell functions (I've added them to function body):
- Get-IntuneEnrollmentStatus
- Reset-HybridADJoin
- Connect-Graph
- Invoke-MDMReenrollment (this one is based on work of MauriceDaly)
- Get-IntuneLog
These custom functions can be used on their own and can be helpful too!
Usage
- Make sure you meet all prerequisites
- Download Reset-IntuneEnrollment script
- Dot source downloaded script
- Call function Reset-IntuneEnrollment
Result of calling Reset-IntuneEnrollment function can look like this:
Enjoy ๐