GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together. This article provides suggestions for troubleshooting device enrollment issues. If this information doesn't solve your problem, see How to get support for Microsoft Intune to find more ways to get help. Before you begin troubleshooting, check to make sure that you've configured Intune properly to enable enrollment.
You can read about those configuration requirements in:. Your managed device users can collect enrollment and diagnostic logs for you to review. User instructions for collecting logs are provided in:. Check to see that the user isn't assigned more than the maximum number of devices by following these steps:.
Note the value in the Device limit column. Note the number of devices. If the user's number of enrolled devices already equals their device limit restriction, they can't enroll any more until:. You can avoid the device enrollment cap by using Device Enrollment Manager account, as described in Enroll corporate-owned devices with the Device Enrollment Manager in Microsoft Intune.
A user account that is added to Device Enrollment Managers account will not be able to complete enrollment when Conditional Access policy is enforced for that specific user login. On an Android device, you'll need to manually install the Intune Company Portal app, after which you can retry enrolling. Verify that the MDM Authority has been set appropriately.
Resolution: In the Microsoft admin centerremove the special characters from the company name and save the company information. Users with the user principal name UPN suffix of the second domain may not be able to log into the portals or enroll devices. A rollup for AD FS 2. For more information, see this blog. The following table lists errors that end users might see while enrolling Android devices in Intune. Issue: Some Samsung devices that are running Android versions 4.
If devices don't check in:. Samsung Smart Manager software, which ships on certain Samsung devices, can deactivate the Intune Company Portal and its components. When the Company Portal is in a deactivated state, it can't run in the background and can't contact the Intune service.
Tell your users to start the Company Portal app manually. Once the app restarts, the device checks in with the Intune service. Tell your users to try upgrading to Android 6. The deactivation issue doesn't occur on Android 6. If Resolution 2 doesn't work, have your users follow these steps to make Smart Manager exclude the Company Portal app:. Under App power saving or App optimizationselect Detail.
Under App power saving or App optimizationconfirm that Company Portal is turned off.
Common questions, issues, and resolutions with device policies and profiles in Microsoft Intune
Issue: A user receives a Profile installation failed error on an Android device. Confirm that the user is assigned an appropriate license for the version of the Intune service that you're using. Issue : Users receive the following message on their device: You can't sign in because your device is missing a required certificate. The user might be able to retrieve the missing certificate by following the instructions in Your device is missing a required certificate.
If the error persists, try Resolution 2. After entering their corporate credentials and getting redirected for federated login, users might still see the missing certificate error. The certificate error occurs because Android devices require intermediate certificates to be included in an SSL Server hello.
The follow steps describe just one of many methods and tools that you can use to validate that the certificate installed correctly.With this change, we aim to improve enrollment experience and give end users a shortened work flow. When we roll this change out, if you enroll new devices authenticating with Setup Assistant, you can choose whether or not to deploy the Intune Company Portal app automatically in Intune not Azure not available in hybrid MDM. Let us know if you have any questions!
Thanks for the update. We use the setup assistant today to enroll users, but we also deploy the company portal app at the same time and ask them to complete the enrollment in the Company Portal app for CA policies.
Would we need to do this to all our existing devices that already have the Company Portal app installed if these used the OS Setup Assistant for the initial login? The Company Portal is also set as required app, so the phones are "blocked" until it has been pushed to the device and the user has logged in. I am currently experiencing issues with the Profile installation by the enrollment. I troubleshooted with all the recommendations from Microsoft but so far it doesn't work Also some users with iPhone's which were already registered, after the Can you please help?
Since I opened last week a ticket with Support but they don't answer For 2, no customization required. See Intune docs for supported data types". There was an error accepting the xml in the Intune backend but it's now been fixed. I took screenshots so the difference should be visible - would be interesting to know which version we should use.
Opened with Edge Dev:. Thanks and BR. Using the default text, I get the following error:. Has anyone gotten this to work with iOS 13? You must be a registered user to add a comment.
If you've already registered, sign in. Otherwise, register and sign in. Sign In. Azure Dynamics Microsoft Power Platform. Turn on suggestions. Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for. Did you mean:. Intune Support Team. Enrolling corporate iOS devices authenticating with Setup Assistant. Experience for enrolling new devices When we roll this change out, if you enroll new devices authenticating with Setup Assistant, you can choose whether or not to deploy the Intune Company Portal app automatically in Intune not Azure not available in hybrid MDM.
Create an app configuration policy with the xml below. More information on how to create an app configuration policy and enter xml data can be found at Add app configuration policies for managed iOS devices or Apply settings to iOS apps with app configuration policies in System Center Configuration Manager for hybrid MDM.
Tell end users to sign into the Company Portal app when it is automatically installed. Tags: Company Portal.Enroll your iOS device with the Intune Company Portal app to gain secure access to your organization's email, files, and apps. After your device is enrolled, it becomes managed.
Set up iOS device access to your company resources
Your organization can assign policies and apps to the device through a mobile device management MDM provider, such as Intune. To maintain access to work or school information from your device, you'll need to configure your device to match your organization's preferred settings.
This article describes how to use Company Portal to enroll you device and maintain your organization's setting requirements. If you tried to access company email in the Mail app, and received a prompt to get your device managed, you're in the right place. Follow the instructions below to get access to your email and other company resources on your iOS device. During initial setup, the app requires that you authenticate yourself with your organization.
It then informs you of any device settings you must update. For example, organizations often set minimum or maximum character password requirements that you'll be required to meet. After your device is enrolled, the Company Portal app will continue to make sure that your device is protected.
If you install an app from an untrusted source, for example, the app will alert you and sometimes revoke access to company data.
This kind of policy is common in organizations, and often requires you to uninstall the untrusted app before you can regain access.
If after enrollment your organization enforces a new security requirement, such as multi-factor authentication, the Company Portal app will notify you. You'll have the chance to adjust your settings so that you can continue to work from your device.
To learn more about enrollment, see What happens when I install the Company Portal app and enroll my device? Go to the App store to download and install the Intune Company Portal app on your device.
You'll also need to maintain a Wi-Fi connection and have access to Safari during enrollment. Pausing for more than a few minutes during enrollment might cause the app to close or end setup. If this happens, open the Company Portal app and try again. When prompted to receive Company Portal notifications, tap Allow. Company Portal uses notifications to alert you if, for example, your device settings need to be updated.
The Select device and enrollment type screen appears and prompts for your device type. If you don't see this screen, skip to Secure entire device to finish setup. These next steps and screens will differ depending on your iOS version.
Follow the steps for your iOS version. Safari opens the Company Portal website on your device. When prompted to download the configuration profile, tap Allow. If you're on a device running:. If you accidentally tap Ignorerefresh the page.There are two scenarios where we need to sync the Intune policies as soon as possible from end user devices.
What is the default sync time for devices? Different platforms have different default sync timings policy refresh timings. So, policy refresh intervals for Devices managed by Microsoft Intune are hard coded.
Following are the default Intune policy refresh intervals Those scenarios are wipe, lock, passcode reset, new app deployment, new profile deployment Wi-Fi, VPN, email, etc. Different device platforms have different options to manually initiate a sync with Intune.
For Windows devices, there are two options to immediately sync the device or user Intune policies. Select the device which you have logged in from the device list if user has more than one device. Once you are there then, click on compliance check link and wait for it wo complete. If your Windows 10 device has Intune company portal installed then, you can use the following method to immediately initiate the Intune policy sync. This will help user to get the updated policies immediately applied to the device.
Open the company portal app and go to my devices — click on the Android or iOS device which you are using, click on the check compliance link. This will initiate a new policy sync with Intune and intern check the compliancy of the iOS or Android device. This was just what I was looking for, thanks. Hi How can I redeploy the same profile on the device. But when I delete this values this process not create again this values during next sync. It is look like profile have some flag to Apply only one time.
Is possible to profile reapply on every sync process and recreate this values on the registry? This is known fact. This is the way MDM policies work. This is why we can control the user rights…. It depends on which OS.
Save my name, email, and website in this browser for the next time I comment. Notify me of follow-up comments by email. Notify me of new posts by email.
This site uses Akismet to reduce spam. Learn how your comment data is processed. How to Manage Devices. When the devices have just enrolled, the Intune policy check-in frequency will be more frequent more details as follows Please enter your comment!Stay at home, save lives Coronavirus updates and guidance.
Find out how to install and use the Company Portal app to access your staff email. Follow the uninstall instructions if you:. Skip to main navigation. Skip to main content. Alert Stay at home, save lives Coronavirus updates and guidance. On this page Chevron pointing down. Make sure your device is fully charged keep it plugged in and connected to wifi. Enable encryption if it isn't enabled already.
The exact process differs between phones. If you get stuck: search online for your device name and enable encryption.How to enroll Android Device with Intune- A Step By Step Guide
Open the app and sign in with your full username and password. Click Begin once the Company Access Setup procedure starts. Click Continue until you reach the What comes next? Click Enroll and an Activate device administrator? Click Confirm to agree to the terms and conditions.
Click Continue to proceed with Device Compliance. A Checking Compliance loading screen will appear. If you have no passcode, a weak passcode or encryption is not enabled A Resolve Compliance Issues page will appear. Device Compliance should now show a green tick. Click Continue to reach the Setup Complete page and select Done. You can now install the Outlook email app from within Company Portal.
Last updated 30 August Guides ITEmailSecurity. View more guides from UoDIT.What does this guide do? This guide helps administrators understand how to configure and troubleshoot Android enterprise devices in a Microsoft Intune environment.
Who is it for? Administrators who implement and oversee a Microsoft Intune environment that manages Android enterprise devices. How does it work? This guide covers common scenarios including onboarding to Google, application deployment, enabling work profile enrollment, configuring conditional access, the work profile enrollment end-user experience, and issuing a work profile passcode reset.
It helps you decide which management capability is the best for your organization and provides a FAQ about Android enterprise. Estimated time of completion: minutes.
Select one of the following, or start with Evaluate your needs — BYOD or dedicated devices and follow each step in order:. The example used in this guide focuses on BYOD scenarios. This feature allows work apps and data to be stored in a separate, self-contained, company managed space on the device.
Dedicated devices are typically locked to a single app or set of apps also known as kiosk mode which allows the administrator to control things such as the status bar, keyboard layouts, the lock screen and other settings on the device. It prevents users from enabling other apps or changing certain settings on dedicated devices. Be aware that devices that you manage in this manner are enrolled in Intune without a user account and aren't associated with any end-user.
They aren't intended for personal use applications or apps that have a strong requirement for user-specific account data such as Outlook or Gmail. When you decide how to enroll your devices, also be aware that not all features are available for both methods. The following table shows some key differences. The first step in configuring Android enterprise in your environment is to connect your Intune tenant account to your Android enterprise account.
To do this, follow these steps:. After your Intune account is connected to your Android enterprise account, you can deploy some applications by following these steps:. For more information about configuring and managing Android enterprise devices, see the following documents:.
Many support engineers, MVPs and members of our development team frequent the forums. If all else fails and you want to open a support request with the Microsoft Intune product support team, you can find information on how to do that here:.
How to get support for Microsoft Intune. Skip to main content. Select Product Version. All Products. Evaluate your needs — BYOD or dedicated devices. Connect Intune account to Android enterprise account.
Configuring and troubleshooting Android enterprise devices in Microsoft Intune
Deploy applications. Enable Android enterprise work profile enrollment. Set up conditional access. Enroll your Android enterprise device. Reset Android work profile passcodes. Frequently asked questions. Show me how to connect Intune account to Android enterprise account. My problem is resolved, end this guide.
Go back to the beginning.Get answers to common questions when working with device profiles and policies in Intune. This article also lists the check-in time intervals, provides more detains on conflicts, and more. You create a corporate Wi-Fi profile, deploy the profile to a group, change the password, and save the profile.
When the profile changes, some users may not get the new profile. To mitigate this issue, set up guest Wi-Fi. If the corporate Wi-Fi fails, users can connect to the guest Wi-Fi. Be sure to enable any automatically connect settings. Deploy the guest Wi-Fi profile to all users. Intune notifies the device to check in with the Intune service. The notification times vary, including immediately up to a few hours. These notification times also vary between platforms.
If a device doesn't check in to get the policy or profile after the first notification, Intune makes three more attempts. An offline device, such as turned off, or not connected to a network, may not receive the notifications. In this case, the device gets the policy or profile on its next scheduled check-in with the Intune service. The same applies to checks for non-compliance, including devices that move from a compliant to a non-compliant state.
If the device recently enrolled, the compliance, non-compliance, and configuration check-in runs more frequently, which is estimated at:. There are different actions that trigger a notification, such as when a policy, profile, or app is assigned or unassignedupdated, deleted, and so on. These action times vary between platforms. Devices check in with Intune when they receive a notification to check in, or during the scheduled check-in. When you target a device or user with an action, such as lock, passcode reset, app, profile or policy assignment, then Intune immediately notifies the device to check in to receive these updates.
Other changes, such as revising the contact information in the Company Portal app, don't cause an immediate notification to devices. The settings in the policy or profile are applied at every check-in. The Windows 10 MDM policy refresh blog post may be a good resource.