We are still encountering failures after changing to custom permissions and setting up a custom app registration. After updating, we did make sure to re-do partner consent, customer consent, and consent in the AAD deployment. Provisioning packages and Intune Enrollment are already excluded from MFA.
Logs from the enforcement stage are below. I tried looking into some of the errors like “Device based token is not supported for enrollment type UserCorporateWithAADNotInOobe”, but this seems to be a red herring as there is nothing configured to force user-driven or exclude device-driven enrollment after OOBE.
PROGRESS: Processing - Retrieving destination TenantId from OAuthInfo
PROGRESS: Processing - Found 2 Jwt Section(s)
PROGRESS: Processing - Getting AzureAD Join Status...
PROGRESS: Processing - CurrentTenantID: <redacted>
PROGRESS: Processing - DestinationTenantID: <redacted>
PROGRESS: Processing - Machine is joined to <redacted>
PROGRESS: Processing - RequireIntuneEnrollment is set. Checking Intune enrollment and DEM account permissions.
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 response of content type application/json of unknown size
VERBOSE: Content encoding: utf-8
VERBOSE: User '<redacted>' has a license suitable for Intune enrollment.
VERBOSE: Not sending count to the deviceManagement API
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 response of content type application/json of unknown size
VERBOSE: Content encoding: utf-8
Write-Error:
Line |
64 | Write-Error "Error occurred: $_"
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error occurred: Forbidden:Make sure you have the ImmyBot Azure integration setup to use a Custom App Registration with API Permissions for /deviceManagement/managedDevices
VERBOSE: The DEM account has permissions to enroll the device.
VERBOSE: Checking OS from Machine
PROGRESS: Processing - Proceeding to unjoin the device from Azure.
DsrCLI: logging initialized.
DsrCmdJoinHelper::Leave: ClientRequestId: <redacted>Unjoin request ID: <redacted>
Unjoin response time: Wed, 13 Nov 2024 22:26:12 GMT
Unjoin HTTP status: 200
DSREGCMD_END_STATUS
AzureAdJoined : NO
EnterpriseJoined : NO
2024-11-13T22:26:14: Restarting Computer
VERBOSE: Verifying post restart connectivity
PROGRESS: Processing - Not setting Wireless Profile to automatic as machine is not connected via wireless
VERBOSE: Getting last boot time
VERBOSE: EventViewer NetworkAdapter LastBootTime Average
----------- -------------- ------------ -------
11/13/2024 1:39:38 PM 11/13/2024 1:39:37 PM 11/13/2024 1:39:37 PM 11/13/2024 1:39:37 PM
VERBOSE: LastBootTime: 11/13/2024 21:39:37
VERBOSE: Importing Bitlocker Module
VERBOSE: Successfully suspended Bitlocker
VERBOSE: Executing Reboot
PROGRESS: Processing - Stopping the ImmyAgent Service
PROGRESS: Processing - ImmyAgent Service Stopped
PROGRESS: Processing - Running shutdown /t 0 /g /f
PROGRESS: Processing - Shutdown Initiated successfully
PROGRESS: Processing - 2024-11-13T22:26:25 Total time allowed to wait for a reboot is 30 minutes
PROGRESS: Processing - 2024-11-13T22:26:25 Waiting for agent to come online for 120 seconds. Will begin internal polling after 60 seconds
PROGRESS: {2024-11-13T22:26:56.9393592Z} Agent Event: [ImmyBot Agent] => Connected - Wait-ImmyComputer
PROGRESS: Processing - 2024-11-13T22:26:56 Waited 31.6193988 seconds for an agent connection event...
PROGRESS: Processing - 2024-11-13T22:26:56 Attempting to get boot time
WARNING: Key 'EphemeralAcquisition-2111' is waiting to be acquired by [AcquireEphemeralAgentAsync] (<redacted>).
WARNING: Key 'EphemeralAcquisition-2111' is now held by [AcquireEphemeralAgentAsync] (<redacted>).
VERBOSE: Acquired global lock for Ephemeral session.
VERBOSE: The existing ephemeral session is no longer connected. Will generate a new ephemeral agent.
VERBOSE: Determining online agents to run the ephemeral agent...
VERBOSE: Found 1 online agent.
VERBOSE: Generating & linking ephemeral agent session to computer...
VERBOSE: Starting ephemeral agent over available providers: [ImmyBot Agent]
VERBOSE: Waiting for ephemeral agent RPC connection to establish.
VERBOSE: ImmyBot Agent: Global\ImmyBot-<redacted> got in 3.1298 ms
Running C:\ProgramData\ImmyBot\Scripts\<redacted>\ImmyBot.Agent.Ephemeral.exe ephemeral run --ImmyScriptPath C:\ProgramData\ImmyBot\Scripts\<redacted> --BackendAddress wss://<redacted>.immy.bot/ --SessionID <redacted>
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
164 14 3268 9056 0.00 6608 0 ImmyBot.Agent.Ephemeral
Released
VERBOSE: Ephemeral agent RPC connection established.
VERBOSE: Releasing global lock for Ephemeral session.
VERBOSE: Checking for any preflight scripts to run...
VERBOSE: Executing preflight script - Is Machine Fully Booted
VERBOSE: EventViewer NetworkAdapter LastBootTime Average
----------- -------------- ------------ -------
11/13/2024 2:26:43 PM 11/13/2024 2:26:42 PM 11/13/2024 2:26:42 PM 11/13/2024 2:26:42 PM
VERBOSE: 2024-11-13T22:27:01 Comparing : 2024-11-13T22:26:42 -gt 2024-11-13T21:39:37 = True
PROGRESS: Processing - An agent reconnected after waiting 36 seconds.
PROGRESS: Processing - <redacted> is Online. Reboot complete
PROGRESS: Processing - Refreshing Azure join status...
PROGRESS: Processing - Joining <redacted>.com AzureAD
VERBOSE: DsRegCmd:
DeviceState : @{AzureAdJoined=False; EnterpriseJoined=False; DomainJoined=False; Virtual Desktop=NOT SET; Device Name=<redacted>}
UserState : @{NgcSet=False; WorkplaceJoined=False; WamDefaultSet=ERROR (0x80070520)}
SSOState : @{AzureAdPrt=False; AzureAdPrtAuthority=False; EnterprisePrt=False; EnterprisePrtAuthority=False}
IEProxyConfigforCurrentUser : @{Auto Detect Settings=True; Auto-Configuration URL=; Proxy Server List=; Proxy Bypass List=}
WinHttpDefaultProxyConfig : @{Access Type=DIRECT}
NgcPrerequisiteCheck : @{IsDeviceJoined=False; IsUserAzureAD=False; PolicyEnabled=False; PostLogonEnabled=True; DeviceEligible=True; SessionIsNotRemote=True; CertEnrollment=none; PreReqResult=WillNotProvision; For more information, please visit https=//www.microsoft.com/aadjerrors}
@{WindowsProductName=Windows 10 Pro; WindowsVersion=2009; OsHardwareAbstractionLayerVersion=}
VERBOSE: DsRegCmdAADStatus: False
VERBOSE: Getting Enrollments
VERBOSE: AADJoinEnrollmentRegistryKey:
VERBOSE: No existing enrollments found
VERBOSE: Initiating removal of any existing device enrollments
PROGRESS: Starting - Registry Test
VERBOSE: AADJoinEnrollmentRegistryKey:
VERBOSE: Verifying device Azure AD join status
VERBOSE: Both the registry and DSRegCmd indicate that the device is NOT joined to Azure AD.
PROGRESS: Completed - Registry Test - 100%
PROGRESS: Initializing BPRT retrieval - BPRT
PROGRESS: Using cached BPRT - BPRT - 10%
PROGRESS: Processing - Found 2 Jwt Section(s)
VERBOSE: CacheKey: BPRT-<redacted>.com
PROGRESS: Generating BPRT - BPRT - 30%
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 1045-byte response of content type application/x-www-form-urlencoded
VERBOSE: Content encoding: utf-8
VERBOSE: Found existing entry for CacheKey BPRT-<redacted>.com [F14F686C234A5678EBA5F152E2D95100]
VERBOSE: UpdatedUtc : 09/17/2024 16:51:12
Data : <redacted>
VERBOSE: Not expired, return the data
PROGRESS: BPRT retrieved successfully - BPRT - 100%
PROGRESS: Starting - .NET Registry Settings Check
PROGRESS: Checking .NET Framework v2.0.50727 SystemDefaultTlsVersions - .NET Registry Settings Check - 25%
VERBOSE: Testing HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 SystemDefaultTlsVersions
VERBOSE: HKLM Detected
VERBOSE: Get-WindowsRegistryValue:
VERBOSE: Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 SystemDefaultTlsVersions skipping type check since desired type was not specified
VERBOSE: Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 SystemDefaultTlsVersions 1 matches 1
True
PROGRESS: Checking .NET Framework v2.0.50727 SchUseStrongCrypto - .NET Registry Settings Check - 50%
VERBOSE: Testing HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 SchUseStrongCrypto
VERBOSE: HKLM Detected
VERBOSE: Get-WindowsRegistryValue:
VERBOSE: Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 SchUseStrongCrypto skipping type check since desired type was not specified
VERBOSE: Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 SchUseStrongCrypto 1 matches 1
True
PROGRESS: Checking .NET Framework v4.0.30319 SystemDefaultTlsVersions - .NET Registry Settings Check - 75%
VERBOSE: Testing HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 SystemDefaultTlsVersions
VERBOSE: HKLM Detected
VERBOSE: Get-WindowsRegistryValue:
VERBOSE: Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 SystemDefaultTlsVersions skipping type check since desired type was not specified
VERBOSE: Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 SystemDefaultTlsVersions 1 matches 1
True
PROGRESS: Checking .NET Framework v4.0.30319 SchUseStrongCrypto - .NET Registry Settings Check - 100%
VERBOSE: Testing HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 SchUseStrongCrypto
VERBOSE: HKLM Detected
VERBOSE: Get-WindowsRegistryValue:
VERBOSE: Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 SchUseStrongCrypto skipping type check since desired type was not specified
VERBOSE: Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 SchUseStrongCrypto 1 matches 1
True
PROGRESS: Completed - .NET Registry Settings Check
PROGRESS: Attempt 1 of 3 - Applying Provisioning Package - 33%
VERBOSE: Checking Device-Sync Task
WARNING: Device-Sync Task was disabled. Enabling to prevent error code: 0xCAA50021
VERBOSE: {
"Modules": [
{
"BPRT": "<redacted>",
"Type": 7
}
],
"PackageName": "<redacted> AzureAD Join Provisioning Package"
}
PROGRESS: Sending request for PPKG - Generating PPKG - 50%
VERBOSE: POST with -1-byte payload
VERBOSE: received 21278-byte response of content type application/octet-stream
PROGRESS: Successfully generated PPKG - Generating PPKG - 100%
PROGRESS: Writing PPKG to disk - Preparing PPKG - 50%
PROGRESS: PPKG written to disk - Preparing PPKG - 100%
PROGRESS: Running provtool.exe - Installing PPKG - 70%
VERBOSE: Provtool.exe process is hanging and will be forcibly stopped to continue.
PROGRESS: Installation completed - Installing PPKG - 100%
VERBOSE: Provisioning exit code: MSFT_ScheduledTask (TaskName = "Device-Sync", TaskPath = "\Microsoft\Windows\Workplace Join\") TimedOut
PROGRESS: Collecting WinEvent Logs - PPKG Error Check
VERBOSE: Constructed structured query:
<QueryList><Query Id="0" Path="microsoft-windows-devicemanagement-enterprise-diagnostics-provider/admin"><Select Path="microsoft-windows-devicemanagement-enterprise-diagnostics-provider/admin">*[(System/TimeCreated[@SystemTime>='2024-11-13T22:27:12.000Z'])]</Select></Query><Query Id="1" Path="microsoft-windows-aad/operational"><Select Path="microsoft-windows-aad/operational">*[(System/TimeCreated[@SystemTime>='2024-11-13T22:27:12.000Z'])]</Select></Query></QueryList>.
PROGRESS: Processing event 1 of 11 - Analyzing Events - 9%
VERBOSE: 11/13/2024 22:27:17 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048451
WARNING: ErrorCode: 0xC0048451
WARNING: ErrorCode: 0xC0048451
PROGRESS: Processing event 2 of 11 - Analyzing Events - 18%
VERBOSE: 11/13/2024 22:27:17 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048459
WARNING: ErrorCode: 0xC0048459
WARNING: ErrorCode: 0xC0048459
PROGRESS: Processing event 3 of 11 - Analyzing Events - 27%
VERBOSE: 11/13/2024 22:27:22 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
WARNING: ErrorCode: 0xC0048512
WARNING: ErrorCode: 0xC0048512
PROGRESS: Processing event 4 of 11 - Analyzing Events - 36%
VERBOSE: 11/13/2024 22:27:25 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
WARNING: ErrorCode: 0xC0048512
WARNING: ErrorCode: 0xC0048512
PROGRESS: Processing event 5 of 11 - Analyzing Events - 45%
VERBOSE: 11/13/2024 22:27:37 - Error - MDM Enroll: Server context (d3369d54-a739-4933-a992-72ffa979c867).
PROGRESS: Processing event 6 of 11 - Analyzing Events - 55%
VERBOSE: 11/13/2024 22:27:37 - Error - MDM Enroll: Server Returned Fault/Code/Subcode/Value=(Authorization) Fault/Reason/Text=(Authorization).
PROGRESS: Processing event 7 of 11 - Analyzing Events - 64%
VERBOSE: 11/13/2024 22:27:37 - Error - MDM Enroll: Failed to receive or parse certificate enroll response. Result: (The user is not authorized to enroll to Mobile Device Management (MDM). Try again or contact your system administrator.).
PROGRESS: Processing event 8 of 11 - Analyzing Events - 73%
VERBOSE: 11/13/2024 22:27:37 - Error - MDM Enroll: Failed (The user is not authorized to enroll to Mobile Device Management (MDM). Try again or contact your system administrator.)
PROGRESS: Processing event 9 of 11 - Analyzing Events - 82%
VERBOSE: 11/13/2024 22:27:38 - Error - MDM ConfigurationManager: Command failure status. Configuration Source ID: (<redacted>), Enrollment Name: (Provisioning), Provider Name: (AADJ), Command Type: (SetValue: from Replace), CSP URI: (./Vendor/MSFT/AADJ/BPRT), Result: (The user is not authorized to enroll to Mobile Device Management (MDM). Try again or contact your system administrator.).
PROGRESS: Processing event 10 of 11 - Analyzing Events - 91%
VERBOSE: 11/13/2024 22:27:38 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048451
WARNING: ErrorCode: 0xC0048451
WARNING: ErrorCode: 0xC0048451
PROGRESS: Processing event 11 of 11 - Analyzing Events - 100%
VERBOSE: 11/13/2024 22:27:38 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048459
WARNING: ErrorCode: 0xC0048459
WARNING: ErrorCode: 0xC0048459
PROGRESS: Errors detected - Processing Provisioning Package - 100%
WARNING: AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048451
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048459
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048451
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048459
PROGRESS: Attempt 2 of 3 - Applying Provisioning Package - 67%
VERBOSE: Checking Device-Sync Task
WARNING: Device-Sync Task was disabled. Enabling to prevent error code: 0xCAA50021
VERBOSE: {
"Modules": [
{
"BPRT": "<redacted>",
"Type": 7
}
],
"PackageName": "<redacted> AzureAD Join Provisioning Package"
}
PROGRESS: Sending request for PPKG - Generating PPKG - 50%
VERBOSE: POST with -1-byte payload
VERBOSE: received 21281-byte response of content type application/octet-stream
PROGRESS: Successfully generated PPKG - Generating PPKG - 100%
PROGRESS: Writing PPKG to disk - Preparing PPKG - 50%
PROGRESS: PPKG written to disk - Preparing PPKG - 100%
PROGRESS: Running provtool.exe - Installing PPKG - 70%
VERBOSE: Provtool.exe process is hanging and will be forcibly stopped to continue.
PROGRESS: Installation completed - Installing PPKG - 100%
VERBOSE: Provisioning exit code: MSFT_ScheduledTask (TaskName = "Device-Sync", TaskPath = "\Microsoft\Windows\Workplace Join\") TimedOut
PROGRESS: Collecting WinEvent Logs - PPKG Error Check
VERBOSE: Constructed structured query:
<QueryList><Query Id="0" Path="microsoft-windows-devicemanagement-enterprise-diagnostics-provider/admin"><Select Path="microsoft-windows-devicemanagement-enterprise-diagnostics-provider/admin">*[(System/TimeCreated[@SystemTime>='2024-11-13T22:27:49.000Z'])]</Select></Query><Query Id="1" Path="microsoft-windows-aad/operational"><Select Path="microsoft-windows-aad/operational">*[(System/TimeCreated[@SystemTime>='2024-11-13T22:27:49.000Z'])]</Select></Query></QueryList>.
PROGRESS: Processing event 1 of 11 - Analyzing Events - 9%
VERBOSE: 11/13/2024 22:27:53 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048451
WARNING: ErrorCode: 0xC0048451
WARNING: ErrorCode: 0xC0048451
PROGRESS: Processing event 2 of 11 - Analyzing Events - 18%
VERBOSE: 11/13/2024 22:27:53 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048459
WARNING: ErrorCode: 0xC0048459
WARNING: ErrorCode: 0xC0048459
PROGRESS: Processing event 3 of 11 - Analyzing Events - 27%
VERBOSE: 11/13/2024 22:28:03 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
WARNING: ErrorCode: 0xC0048512
WARNING: ErrorCode: 0xC0048512
PROGRESS: Processing event 4 of 11 - Analyzing Events - 36%
VERBOSE: 11/13/2024 22:28:05 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
WARNING: ErrorCode: 0xC0048512
WARNING: ErrorCode: 0xC0048512
PROGRESS: Processing event 5 of 11 - Analyzing Events - 45%
VERBOSE: 11/13/2024 22:28:18 - Error - MDM Enroll: Server context (37914dcc-4904-4d45-8af7-33816401cad8).
PROGRESS: Processing event 6 of 11 - Analyzing Events - 55%
VERBOSE: 11/13/2024 22:28:18 - Error - MDM Enroll: Server Returned Fault/Code/Subcode/Value=(Authorization) Fault/Reason/Text=(Authorization).
PROGRESS: Processing event 7 of 11 - Analyzing Events - 64%
VERBOSE: 11/13/2024 22:28:18 - Error - MDM Enroll: Failed to receive or parse certificate enroll response. Result: (The user is not authorized to enroll to Mobile Device Management (MDM). Try again or contact your system administrator.).
PROGRESS: Processing event 8 of 11 - Analyzing Events - 73%
VERBOSE: 11/13/2024 22:28:18 - Error - MDM Enroll: Failed (The user is not authorized to enroll to Mobile Device Management (MDM). Try again or contact your system administrator.)
PROGRESS: Processing event 9 of 11 - Analyzing Events - 82%
VERBOSE: 11/13/2024 22:28:19 - Error - MDM ConfigurationManager: Command failure status. Configuration Source ID: (<redacted>), Enrollment Name: (Provisioning), Provider Name: (AADJ), Command Type: (SetValue: from Replace), CSP URI: (./Vendor/MSFT/AADJ/BPRT), Result: (The user is not authorized to enroll to Mobile Device Management (MDM). Try again or contact your system administrator.).
PROGRESS: Processing event 10 of 11 - Analyzing Events - 91%
VERBOSE: 11/13/2024 22:28:19 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048451
WARNING: ErrorCode: 0xC0048451
WARNING: ErrorCode: 0xC0048451
PROGRESS: Processing event 11 of 11 - Analyzing Events - 100%
VERBOSE: 11/13/2024 22:28:19 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048459
WARNING: ErrorCode: 0xC0048459
WARNING: ErrorCode: 0xC0048459
PROGRESS: Errors detected - Processing Provisioning Package - 100%
WARNING: AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048451
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048459
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048451
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048459
PROGRESS: Attempt 3 of 3 - Applying Provisioning Package - 100%
VERBOSE: Checking Device-Sync Task
WARNING: Device-Sync Task was disabled. Enabling to prevent error code: 0xCAA50021
VERBOSE: {
"Modules": [
{
"BPRT": "<redacted>",
"Type": 7
}
],
"PackageName": "<redacted> AzureAD Join Provisioning Package"
}
PROGRESS: Sending request for PPKG - Generating PPKG - 50%
VERBOSE: POST with -1-byte payload
VERBOSE: received 21281-byte response of content type application/octet-stream
PROGRESS: Successfully generated PPKG - Generating PPKG - 100%
PROGRESS: Writing PPKG to disk - Preparing PPKG - 50%
PROGRESS: PPKG written to disk - Preparing PPKG - 100%
PROGRESS: Running provtool.exe - Installing PPKG - 70%
VERBOSE: Provtool.exe process is hanging and will be forcibly stopped to continue.
PROGRESS: Installation completed - Installing PPKG - 100%
VERBOSE: Provisioning exit code: MSFT_ScheduledTask (TaskName = "Device-Sync", TaskPath = "\Microsoft\Windows\Workplace Join\") TimedOut
PROGRESS: Collecting WinEvent Logs - PPKG Error Check
VERBOSE: Constructed structured query:
<QueryList><Query Id="0" Path="microsoft-windows-devicemanagement-enterprise-diagnostics-provider/admin"><Select Path="microsoft-windows-devicemanagement-enterprise-diagnostics-provider/admin">*[(System/TimeCreated[@SystemTime>='2024-11-13T22:28:24.000Z'])]</Select></Query><Query Id="1" Path="microsoft-windows-aad/operational"><Select Path="microsoft-windows-aad/operational">*[(System/TimeCreated[@SystemTime>='2024-11-13T22:28:24.000Z'])]</Select></Query></QueryList>.
PROGRESS: Processing event 1 of 4 - Analyzing Events - 25%
VERBOSE: 11/13/2024 22:28:29 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048451
WARNING: ErrorCode: 0xC0048451
WARNING: ErrorCode: 0xC0048451
PROGRESS: Processing event 2 of 4 - Analyzing Events - 50%
VERBOSE: 11/13/2024 22:28:29 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048459
WARNING: ErrorCode: 0xC0048459
WARNING: ErrorCode: 0xC0048459
PROGRESS: Processing event 3 of 4 - Analyzing Events - 75%
VERBOSE: 11/13/2024 22:28:42 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
WARNING: ErrorCode: 0xC0048512
WARNING: ErrorCode: 0xC0048512
PROGRESS: Processing event 4 of 4 - Analyzing Events - 100%
VERBOSE: 11/13/2024 22:28:49 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
WARNING: ErrorCode: 0xC0048512
WARNING: ErrorCode: 0xC0048512
PROGRESS: Errors detected - Processing Provisioning Package - 100%
WARNING: AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048451
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048459
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
PROGRESS: Completed - Applying Provisioning Package - 100%
VERBOSE: Not sending count to the deviceManagement API
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 response of content type application/json of unknown size
VERBOSE: Content encoding: utf-8
Write-Error:
64 | Write-Error "Error occurred: $_"
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error occurred: Forbidden:Make sure you have the ImmyBot Azure integration setup to use a Custom App Registration with API Permissions for /deviceManagement/managedDevices
Line |
PROGRESS: Starting Intune enrollment process after Azure AD Join... - Intune Enrollment
WARNING: Initial MDM enrollment failed. Checking event logs for Impersonation or Device Credential Failure
WARNING: Detected Impersonation or Device Credential Failure in event logs. Retrying with '/AutoEnrollMDMUsingAADDeviceCredential'
WARNING: Retry failed. Returning the last 15 events...
TimeCreated : 11/13/2024 2:29:13 PM
Id : 81
Message : Auto MDM Enroll Impersonation Failure (Unknown Win32 Error code: 0x82aa0008)
TimeCreated : 11/13/2024 2:29:13 PM
Id : 76
Message : Auto MDM Enroll: Device Credential (0x0), Failed (Unknown Win32 Error code: 0x82aa0008)
TimeCreated : 11/13/2024 2:29:14 PM
Id : 89
Message : Auto MDM Enroll DmGetAadDeviceTokenWithDiscovery with Application ID (NULL): Status (The operation
completed successfully.)
TimeCreated : 11/13/2024 2:29:14 PM
Id : 90
Message : Auto MDM Enroll Get AAD Token: Device Credential (0x1), Resource Url
(https://enrollment.manage.microsoft.com/), Resource Url 2 (https://enrollment.manage.microsoft.com/),
Status (The operation completed successfully.)
TimeCreated : 11/13/2024 2:29:14 PM
Id : 91
Message : Auto MDM Enroll Enrollment Information: AadResourceUrl
(https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc), DiscoveryServiceFullUrl
(https://enrollment.manage.microsoft.com/), TenantID (<redacted>), Upn
(package_<redacted>.com)
TimeCreated : 11/13/2024 2:29:15 PM
Id : 4
Message : MDM Enroll: Certificate policy request sent successfully.
TimeCreated : 11/13/2024 2:29:15 PM
Id : 6
Message : MDM Enroll: Certificate policy response processed successfully.
TimeCreated : 11/13/2024 2:29:15 PM
Id : 3012
Message : TPM State: Version:(2) ReadyForStorage:(true) NotReadyReason:(None), ReadyForAttestation:(true),
NotReadyReason:(None), isUnsatifactory:(false), hasVulnerability:(false), isLockedout:(false),
AlgOidInUse:(1.2.840.113549.1.1.1), IsAlgOidInUseSupported:(true).
TimeCreated : 11/13/2024 2:29:26 PM
Id : 3011
Message : Creating key with crypto provider: (Microsoft Platform Crypto Provider) HRESULT: (The operation
completed successfully.), failFunction: (), CryptoProvider index (0) of total (2).
TimeCreated : 11/13/2024 2:29:26 PM
Id : 8
Message : MDM Enroll: Certificate enrollment request sent successfully.
TimeCreated : 11/13/2024 2:29:26 PM
Id : 59
Message : MDM Enroll: Server context (<redacted>).
TimeCreated : 11/13/2024 2:29:26 PM
Id : 52
Message : MDM Enroll: Server Returned Fault/Code/Subcode/Value=(MessageFormat) Fault/Reason/Text=(Device based
token is not supported for enrollment type UserCorporateWithAADNotInOobe).
TimeCreated : 11/13/2024 2:29:26 PM
Id : 11
Message : MDM Enroll: Failed to receive or parse certificate enroll response. Result: (Invalid message from the
Mobile Device Management (MDM) server.).
TimeCreated : 11/13/2024 2:29:26 PM
Id : 71
Message : MDM Enroll: Failed (Invalid message from the Mobile Device Management (MDM) server.)
TimeCreated : 11/13/2024 2:29:26 PM
Id : 76
Message : Auto MDM Enroll: Device Credential (0x1), Failed (Invalid message from the Mobile Device Management
(MDM) server.)
WARNING: Intune enrollment process failed (ExitCode: -2102788088).
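A triage pass over a log like the one above, as an added example (not part of the original post and not ImmyBot code): it tallies event-log error codes and MDM server fault subcodes per stage, skipping the echoed `WARNING:` copies, and converts the signed exit code to its 32-bit hex form. It assumes only the line formats visible in the log; the stage labels and function names are made up for the example.

```python
import re
from collections import Counter

# Excerpt of lines copied from the log in the post, trimmed for the example.
SAMPLE_LOG = """\
PROGRESS: Attempt 1 of 3 - Applying Provisioning Package - 33%
VERBOSE: 11/13/2024 22:27:17 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048451
WARNING: ErrorCode: 0xC0048451
WARNING: ErrorCode: 0xC0048451
VERBOSE: 11/13/2024 22:27:22 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
VERBOSE: 11/13/2024 22:27:37 - Error - MDM Enroll: Server Returned Fault/Code/Subcode/Value=(Authorization) Fault/Reason/Text=(Authorization).
PROGRESS: Errors detected - Processing Provisioning Package - 100%
WARNING: AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048451
AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
PROGRESS: Attempt 3 of 3 - Applying Provisioning Package - 100%
VERBOSE: 11/13/2024 22:28:29 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048451
VERBOSE: 11/13/2024 22:28:42 - Error - AAD Cloud AP plugin call GenericCallPkg returned error: 0xC0048512
PROGRESS: Starting Intune enrollment process after Azure AD Join... - Intune Enrollment
Message : Auto MDM Enroll Impersonation Failure (Unknown Win32 Error code: 0x82aa0008)
Message : MDM Enroll: Server Returned Fault/Code/Subcode/Value=(MessageFormat) Fault/Reason/Text=(Device based
token is not supported for enrollment type UserCorporateWithAADNotInOobe).
WARNING: Intune enrollment process failed (ExitCode: -2102788088).
"""

STAGE_PPKG = re.compile(r"^PROGRESS: Attempt (\d+) of \d+ - Applying Provisioning Package")
STAGE_INTUNE = re.compile(r"^PROGRESS: Starting Intune enrollment process")
# Only real event records count: timestamped VERBOSE errors and "Message :" fields.
EVENT = re.compile(r"^(?:VERBOSE: \d+/\d+/\d+ [\d:]+ - Error - |Message\s*: )(.*)")
HEX_CODE = re.compile(r"0x[0-9A-Fa-f]{8}\b")
FAULT = re.compile(r"Fault/Code/Subcode/Value=\((\w+)\)")
EXIT_CODE = re.compile(r"ExitCode: (-?\d+)")


def to_hex32(value):
    """Render a signed 32-bit exit code the way the event log prints it."""
    return f"0x{value & 0xFFFFFFFF:08x}"


def triage(log_text):
    """Return ({stage: {"codes": Counter, "faults": [subcodes]}}, exit_hex)."""
    stages, exit_hex = {}, None
    current = "before provisioning"  # hypothetical label for lines ahead of any stage
    for line in log_text.splitlines():
        attempt = STAGE_PPKG.match(line)
        if attempt:
            current = f"PPKG attempt {attempt.group(1)}"
        elif STAGE_INTUNE.match(line):
            current = "Intune enrollment"
        exit_match = EXIT_CODE.search(line)
        if exit_match:
            exit_hex = to_hex32(int(exit_match.group(1)))
        event = EVENT.match(line)
        if not event:
            continue  # echoed WARNING lines and summaries would double count
        entry = stages.setdefault(current, {"codes": Counter(), "faults": []})
        entry["codes"].update(c.lower() for c in HEX_CODE.findall(event.group(1)))
        entry["faults"].extend(FAULT.findall(event.group(1)))
    return stages, exit_hex


def stages_with_code(stages, code):
    """Names of the stages whose events logged the given hex code."""
    return [name for name, entry in stages.items() if code in entry["codes"]]


if __name__ == "__main__":
    stages, exit_hex = triage(SAMPLE_LOG)
    for name, entry in stages.items():
        print(f"{name}: codes={dict(entry['codes'])} faults={entry['faults']}")
    print(f"exit code as hex: {exit_hex}, seen in: {stages_with_code(stages, exit_hex)}")
```

On the excerpt, the exit code -2102788088 comes out as 0x82aa0008, the same value events 76 and 81 print, and the server fault subcode differs between stages: `Authorization` while the provisioning package is applied, `MessageFormat` on the device-credential retry.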