Overcoming Enrollment Challenges in Intune: The Importance of Verifying Prerequisites

I’ve been attempting to enroll an iOS device into Intune for a few days now. As soon as I enter my email and password in the Microsoft authentication window to enroll my device, I get an error message. The error message basically says, 'We were unable to enroll your device, contact your administrator or wipe the device and try again.' I immediately go to the Intune console and look for the 'Enrollment Failure' logs under the monitoring blades on devices. I see an error that states 'Unknown Error' and the recommended steps were 'We are not able to provide guidance for resolving this particular issue'. The best option I was given was to take the activity ID and call support. In my troubleshooting efforts, I tried multiple times, connected the device to Apple Configurator, connected it to iTunes, and forced a device wipe. I recreated the enrollment profile, the configuration profile, and for added measure, tried a different account. The actual fix was something I should’ve checked but assumed was completed. To be honest, I didn’t think you could even add the ABM token to Intune without it. The Apple push certificate was not configured! I thought it was done by someone else, and they didn’t do it, and I didn’t check. As much as I preach about doing the easy things first and checking and rechecking the prerequisites, I still failed the easiest of troubleshooting exercises.

Learn from me! Never assume! Verify and re-verify! Although this issue resulted from my lack of following my own advice, I still expected Microsoft to provide a clearer reason for the failure. The issue was a missing prerequisite, and the enrollment process didn’t have a clue because it was failing a prerequisite. I will put in a request for that error to be fixed. Until then, if you see the error 'Unknown Error,' check the Apple Push Certificate!

