Issue: Unable to enroll devices in Microsoft Intune | iOS devices accessing protected Apps

Microsoft released an advisory on the issue Unable to enroll devices in Microsoft Intune and the issue with iOS devices accessing protected Apps. This issue impacts all types of Intune enrollment.

Some users may be unable to enroll devices in Microsoft Intune. Microsoft confirmed that this issue is impacting some particular Intune infrastructures, not all of them. Microsoft already released an advisory, IT439360, for affected customers.

There is another issue, IT439236, with iOS devices accessing Microsoft 365 and other applications. Offline devices (?) may be prevented from accessing these apps. Affected apps include, but are not limited to: – OneDrive for Business – Microsoft Outlook – Microsoft Teams. More details are below.

This enrollment issue includes the devices that are enrolled via the manual or Group Policy enrollment process and the Windows Autopilot process. In Microsoft 365 Advisory world, IT stands for Intune. If the advisory starts with IT, that means the advisory is issued for MEM Intune services. For example, IT439360 – Intune (IT) issue with device enrollment.

Patch My PC

There was another issue with Intune as part of the 2209 version release. We have reported this “Remote Action Buttons Missing Issue Within Intune MEM Admin Console.” This issue is already resolved. We don’t know whether the device enrollment issue is related to the 2209 release.

Issue Unable to enroll devices in Microsoft Intune
Issue Unable to enroll devices in Microsoft Intune – Fig 1

Issue Unable to enroll devices in Microsoft Intune

Microsoft’s Intune support team already confirmed on Twitter to Peter Cashen that they are aware of the problem affecting the enrollment of new devices.

The Intune device enrollment issue impacts all the enrollment methods for Windows devices. We haven’t heard about Intune enrollment issues with other iOS, macOS, and Android platforms. Following are the enrollment scenarios that are impacted.

Peter Cashen confirmed on Twitter that he could see IT431147, but that’s to do with PreProvisionng and Self Deploying related to TPM and Windows Autopilot. The issue (IT439360) related to enrollment is unavailable for his tenant. The IT439360 is available in admin.Microsoft portal.

There is also another issue (IT439236) related to iOS devices. Users using Intune-enrolled iOS devices see a message when attempting to access some apps, resulting in access delays. The users are encountering a message which delays access to some apps when using Intune-enrolled iOS devices.

Issue Unable to enroll devices in Microsoft Intune 2
Issue Unable to enroll devices in Microsoft Intune Fig. 2

FIX or Workaround for Unable to enroll devices in Microsoft Intune Issue

There is no workaround or fix provided by Microsoft yet on the Intune device enrollment issue. The status is the same for the iOS device application access issues.

Microsoft is analyzing service monitoring telemetry to determine the root cause and develop a mitigation plan. More info can be found in your SHD under IT439360. Microsoft also started collecting the Intune logs from impacted devices to analyze.

NOTE! – We don’t see this advisory for EUROPE regions. But the issue notification is available for the ASIA region.

User ImpactCurrent StatusScope of ImpactImpacted ServiceRoot Cause
Users may be unable to enroll devices in Microsoft Intune.Microsoft is checking the impacted infrastructure to investigate the problem. Also, they are collecting logs from affected devices to understand the root cause.The impact is specific to some users served through the affected Intune infrastructure.Microsoft IntuneThe investigation is going on from Microsoft’s side.
Issue Unable to enroll devices in Microsoft Intune – Table 1
Issue Unable to enroll devices in Microsoft Intune 3
Issue Unable to enroll devices in Microsoft Intune Fig. 3

Issue with iOS devices accessing Teams Outlook and OneDrive

Online iOS devices are facing some delays in accessing Microsoft 365 and other protected apps. Offline devices may be prevented from accessing these apps. Affected apps include, but are not limited to:

  • OneDrive for Business
  • Microsoft Outlook
  • Microsoft Teams

Microsoft investigation has determined that a recent update to the Software Development Kit (SDK) used to develop affected apps contained a code issue that prevents successful policy checks for Intune-enrolled iOS devices, resulting in impact.

Microsoft is in the process of validating a fix and expects to have a remediation timeline & that is not known yet. But Microsoft will confirm the remediation timeline by the next scheduled update.

User ImpactCurrent StatusScope of ImpactImpacted ServiceRoot Cause
Users are encountering a message which delays access to some apps when using Intune-enrolled iOS devices.MS investigation has determined that a recent update to the SDK used to develop affected apps contained a code issue that prevents successful policy checks for Intune-enrolled iOS devices, resulting in impact.Your organization is affected, and any user with an iOS device accessing the affected apps is impacted.Microsoft Intune
iOS/iPadOS devices
A recent SDK update contained a code issue that prevents successful policy checks for Intune-enrolled iOS devices, resulting in impact.
Issue Unable to enroll devices in Microsoft Intune – Table 2 – iOS devices accessing protected Apps
Issue Unable to enroll devices in Microsoft Intune iOS issue Fig. 4 - iOS devices accessing protected Apps
Issue Unable to enroll devices in Microsoft Intune iOS issue Fig. 4 – iOS devices accessing protected Apps

Author

Alok is a Master of Computer Applications (MCA) graduate. He loves writing on Windows 11 and related technologies. He likes to share his knowledge, quick tips, and tricks with Windows 11 or Windows 10 with the community.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.