Can’t get the AzureAD Join feature to work within a tenant. Created a service account for ImmyBot to use, provided consent, provided privileges with Intune Admin access, assigned a license and assigned DEM role. However, when I try to use ImmyBot to onboard a laptop, it says it failed: DEM role not assigned. Can onboard to the Azure tenant manually just fine. Tried reaching out to support, but it’s been a week and we still haven’t heard anything back from them.
Same. I stopped including it in client deployments today and I’m going back to manually signing in with the user.
Honestly, the only upside to using ImmyBot over our old MDT setup is being able to remotely set up clients’ PCs. Unfortunately, that accounts for only about 10% of the PCs I do, and I’m starting to think it’s just not worth $400 a month when you account for headaches like this.
This task is working for us.
Is the account explicitly listed in Intune under Enrollment Managers?
Endpoint Manager > Devices > Enroll Devices > Device Enrollment Managers
Also check:
Endpoint Manager > Devices > Enrollment Restrictions
Make sure the DEM account or the group it’s in isn’t blocked or subject to platform restrictions.
You might get more detail by expanding the Immy logs if you haven’t already. I’ve seen cases where the last error is generic, but the actual issue was stated in the logs somewhere. Also worth checking the device or enrollment logs directly in Intune for anything more specific.