Hello,
We have successfully enrolled macOS and iOS devices into MDM, however we have an issue enrolling Windows 10 devices as per the Meraki instructions. After contacting Microsoft support to find the error
MENROLL_E_USERLICENSE 0x80180018 The license of user is in bad state blocking enrollment; it is because of Office365
I was told the CNAME records need to be deleted to avoid Intune MDM enrolment
EnterpriseEnrollment CNAME EnterpriseEnrollment.manage.microsoft.com 3600
EnterpriseRegistration CNAME EnterpriseRegistration.windows.net 3600
We removed the DNS (DNS Note: Any email can be entered here, as it is not used to authenticate the enrollment. If your organization has InTune bundled in with your Office365 or Azure instance, do not enter a domain-joined email, as it will begin enrollment into InTune instead of prompting for your server information to complete the following steps.)
After successfully deploying the Windows machine and installing the Agent as per the Meraki instructions, all seemed to work perfectly until we restarted the machine; the user now cannot use the password on the Windows 10 computer, and even resetting the password will not resolve the issue. Has anyone seen this before?
We have not touched any standard settings on the Office365 Security and Compliance, or touched any Intune settings on the Office365 dashboard
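The two CNAMEs the post names are what Windows uses to discover an MDM server for the domain, so while they exist a Windows enrollment is sent to Intune instead of prompting for the Meraki server. The script below is an added example (not from this thread or from Meraki) that checks whether a domain still carries those records; the domain is a placeholder you pass in, and it assumes a Windows host with the DnsClient module (Resolve-DnsName).

```powershell
# Added example: confirm the Intune auto-discovery CNAMEs are gone for a domain.
# Usage: .\Check-IntuneCnames.ps1 -Domain example.com   (domain is a placeholder)
param(
    [Parameter(Mandatory = $true)]
    [string]$Domain
)

# The two records quoted in the post. Windows queries EnterpriseEnrollment.<domain>
# for the MDM server and EnterpriseRegistration.<domain> for device registration.
$IntuneTargets = @{
    "EnterpriseEnrollment"   = "enterpriseenrollment.manage.microsoft.com"
    "EnterpriseRegistration" = "enterpriseregistration.windows.net"
}

$stillPointingAtIntune = $false

foreach ($label in $IntuneTargets.Keys) {
    $fqdn = "$label.$Domain"
    try {
        # -DnsOnly skips the hosts file and LLMNR/NetBIOS so the answer reflects DNS itself.
        $cname = Resolve-DnsName -Name $fqdn -Type CNAME -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'CNAME' } |
                 Select-Object -First 1
    } catch {
        # NXDOMAIN or no such record: the record has been removed (or never existed).
        $cname = $null
    }

    if (-not $cname) {
        Write-Output "$fqdn : no CNAME found - Windows will not be redirected to Intune here"
    } elseif ($cname.NameHost -ieq $IntuneTargets[$label]) {
        $stillPointingAtIntune = $true
        Write-Output "$fqdn : still CNAME -> $($cname.NameHost) - enrollment will go to Intune"
    } else {
        Write-Output "$fqdn : CNAME -> $($cname.NameHost) (points somewhere other than Intune)"
    }
}

if ($stillPointingAtIntune) {
    Write-Output "Result: Intune auto-discovery is still active for $Domain"
} else {
    Write-Output "Result: no Intune auto-discovery CNAMEs active for $Domain"
}
```

Both records were published with a 3600 second TTL, so after deleting them a resolver can keep returning the old answer for up to an hour; run `Clear-DnsClientCache` on the test machine, or re-run this check once the TTL has expired, before retrying the Meraki enrollment.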
Looks like the options are:
SETUP A
Local account, with MDM profile and agent installed
SETUP B
Microsoft account (AzureAD) and only agent installed no profile
SETUP C (future)
Meraki looks at adding Application to Azure to enrol MDM without breaking or needing the profile added to the computer itself !?
I haven't experienced that issue; but I have had another issue. I have had two machines I am playing with, both AzureAD joined, and enrolled with a Meraki profile.
If I leave the machines unused, and not logged in, for say two weeks, the primary Office 365 account that was used to log into the machine disappears - and the original user can no longer log in again.
So now I'm wondering about you saying you can not log in anymore - because the password no longer works. Could it be perhaps not the password - but my case - where the whole account is now gone from the machine?
In my test machines, to get it working again, I had to repeat the AzureAD join process.
ps. I enabled the local Administrator account so I still have a way to login and see what is going on.
Hi Philip,
This sounds like exactly the same issue; it just leaves what looks like an empty account on the machine. Previously the devices had the profile but not the agent, and presented no issues. After removing the DNS CNAME, it connected and worked without issue.
The devices were registered using Enterprise, not Personal, with Office365 accounts. There was no local Administrator account. Did your setup work? I was planning today to see if I can rebuild with a local Admin account, but I don't see the point if the Microsoft Office account will just lose the credentials with the Meraki Agent installed?
Have your machines worked properly now?
Hello, I repeated the Azure join process, however the AzureAD was removed again??
For me, having just the agent installed works - it is only when I deploy the Meraki management profile to the Windows 10 device that it seems to kill the Azure AD membership (eventually, not straight away).
Hi Philip, is anyone at Meraki aware of this issue?
I haven't mentioned it to anyone. I wasn't sure if anyone else was also experiencing the issue.
I am not sure if AzureAD needs registering so the deployed Devices can receive Meraki profile changes