Stumped on how to fix the “Auto MDM Enroll: Failed (Unknown Win32 Error code: 0x80192efd)” when attempting to enroll into Microsoft Endpoint Manager (Intune)?
Or are you getting Auto MDM Enroll: Device Credential (0x0), Failed (Unknown Win32 Error code: 0x82aa0008)?
Automatically enrolling a Windows 10 or 11 device into Intune can sometimes be a challenge given the number of prerequisites that must be in place for it to go smoothly. These particular errors can crop up because the two main ways of enrolling existing devices into Intune leverage “Device Credentials”. Both the Group Policy (GPO) and MEMCM (SCCM) Co-Management methods, by default, use the device or NT\System account to talk to Azure AD to complete the authentication.
If you have either of these configurations you may see this error:
Computer Configuration > Administrative Templates > Windows Components > MDM > Enable Automatic MDM Enrollment Using Default Azure AD Credentials. You can choose either “User Credential” or “Device Credential”. I’ve seen this issue normally when this is set to “Device Credential”.
MEMCM (SCCM) Co-Management
SCCM Co-Management, when automatic Intune enrollment is enabled, also uses the Device Credential to authenticate to Azure.
Administration > Cloud Services > Cloud Attach > Configure Cloud Attach > Enablement tab > Automatic enrollment in Intune selected.
Looking in Event Viewer under Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider/Admin you should see these two errors:
MDM Enroll: Failed (Unknown Win32 Error code: 0x80192efd)
And Auto MDM Enroll: Device Credential (0x1), Failed (Unknown Win32 Error code: 0x80192efd)
If you are using the GPO, you may also see these errors under Applications and Services Logs > Microsoft > Windows > EnterpriseMGMT.
You can see that right beforehand, Windows is attempting to retrieve the AAD token by using the Device Credential, but it is failing.
Additionally, you may also see:
Auto MDM Enroll: Device Credential (0x0), Failed (Unknown Win32 Error code: 0x82aa0008)
The device will retry this several times and then eventually quit.
The Solution – System Proxy!
Thankfully, the fix is quite simple. The errors are caused by the system proxy not being correctly configured. Proxy configurations and/or PAC files are often set mostly in the user context, and the system context sometimes gets neglected. To fix this, run the following command from an elevated command window (updating it, of course, with your environment-specific details):
netsh winhttp set proxy proxy.mycompany.com:8080
To check what your current system level proxy settings are set to, run this:
netsh winhttp show proxy
After running the first command, give the system a reboot and the automatic enrollment process should kick off again and successfully complete this time. You should then see more success messages in Event Viewer including this one:
You can reset the proxy back to defaults by running:
netsh winhttp reset proxy
If you are still getting an error after this, you may have more issues on the proxy side, such as the proxy blocking or not properly redirecting the correct Microsoft URLs for AAD and Intune.
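To confirm the diagnosis before changing anything, the following PowerShell sketch checks the system-level WinHTTP proxy and searches the enrollment log for the two error codes discussed in this post. It is an added example, not part of the original post; the function names and the 7-day window are hypothetical, and it assumes English-language netsh output and an elevated prompt.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
$logName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$codes   = '0x80192efd', '0x82aa0008'   # the two error codes covered in this post

function Get-SystemProxyState {
    # Parses "netsh winhttp show proxy" (assumption: English-language output).
    $out = (netsh winhttp show proxy) -join "`n"
    if ($out -match 'Direct access') {
        return [pscustomobject]@{ Direct = $true; Proxy = $null; Bypass = $null }
    }
    $proxy  = if ($out -match 'Proxy Server\(s\)\s*:\s*(.+)') { $Matches[1].Trim() }
    $bypass = if ($out -match 'Bypass List\s*:\s*(.+)')       { $Matches[1].Trim() }
    [pscustomobject]@{ Direct = $false; Proxy = $proxy; Bypass = $bypass }
}

function Get-EnrollmentFailure {
    # Returns recent events in the enrollment log whose message contains one of $codes.
    param([int]$Days = 7)   # hypothetical look-back window
    $filter = @{ LogName = $logName; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $m = $_.Message; $codes | Where-Object { $m -like "*$_*" } } |
        Select-Object TimeCreated, Id, Message
}

$state    = Get-SystemProxyState
$failures = @(Get-EnrollmentFailure)

'WinHTTP (system context) proxy: ' +
    $(if ($state.Direct) { 'direct access (none set)' } else { $state.Proxy })
"Enrollment failures matching the codes above (last 7 days): $($failures.Count)"
$failures | Sort-Object TimeCreated -Descending | Select-Object -First 5 | Format-List

if ($state.Direct -and $failures.Count -gt 0) {
    'Pattern from this post: device-credential enrollment is failing and no system proxy is set.'
}
```

Running it again after the reboot shows whether new failures are still being logged once the system proxy is in place.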