The notes for the deployment for the “Join AzureAD” task say that it needs “a user in the tenant’s AzureAD (the clients azure tenant). The user does not need to be an admin, and the user does not need to be licensed.” When we create such a user with no license and no admin privileges, the task fails with the error:
error : invalid_request
error_description : AADSTS240005: Missing required user role to acquire a bulk AADJ token. For more information please go to Bulk enrollment for Windows devices - Microsoft Intune | Microsoft Learn.
Has Microsoft moved the goalposts since this task was put together? Or is there something else I’m not seeing?