Forum Discussion

Zipwater's avatar
Zipwater
Level 1.6: Donut
2 months ago

Zero-Touch + Intune enrollment fails after Microsoft sign-in (redirects to portal.manager.microsoft.com)

Hi everyone,

I’m experiencing an issue during Android Zero-Touch enrollment with Microsoft Intune.  
The process begins normally and progresses through all the expected steps:

1. Getting your phone ready
2. Checking info
3. “This device belongs to your organisation”
4. Setup your phone
5. Setting up your device
6. “This device isn’t private”
7. Google services
8. Updating device
9. Welcome to Chrome
10. Microsoft sign-in page

The problem occurs AFTER I successfully sign in with my work account.

Instead of continuing with Android Enterprise (intune) setup, the device opens this URL:

   **portal.manager.microsoft.com**

This page shows “Page not found.”

Immediately after that, the device shows:

   **“Can’t set up device. To finish setup, sign in to your work account.”**

At this point the enrollment cannot continue.

The device is assigned to a Zero-Touch configuration with the DPC:

   `com.google.android.apps.work.clouddpc`

We also have a JSON configuration supplied from the Intune portal.

Has anyone seen this behaviour before where enrollment fails right after Microsoft authentication and redirects to an incorrect URL?  
Is this likely related to the Zero-Touch configuration JSON, the DPC, or a known issue with Intune handover?

Any guidance would be greatly appreciated.

Thank you!

Devices
Enrolment
microsoft intune
Zero-touch

7 Replies

  • jeremy's avatar
    jeremy
    Level 3.0: Honeycomb
    2 months ago

    This seems to be related to an issue with your Intune configuration the zero touch configuration seems fine as it redirect you to intune. So there might be an issue there after you’re authenticated with Intune. 
    You should start investigating on the Intune side maybe a rule preventing enrollment. 

  • Rakib's avatar
    Rakib
    Level 2.3: Gingerbread
    2 months ago

    Here is an example for the DPC:

     

    {
        "android.app.extra.PROVISIONING_LOCALE":"nb_NO",
        
        "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",

        "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",

        "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",

        "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
            "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "[Insert value from Intune]"
        }
    }

  • Zipwater's avatar
    Zipwater
    Level 1.6: Donut
    2 months ago

    thanks for the reply. this is the DPC i used:

     

    {
      "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
      "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
      "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
      "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
        "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "Intune token"
      }
    }

  • Zipwater's avatar
    Zipwater
    Level 1.6: Donut
    2 months ago

    I will reach out to Intune now

  • Michel's avatar
    Michel
    Level 4.0: Ice Cream Sandwich
    2 months ago

    Do you have a screenshot of the page not found screen? I'm having similiar issues at a customer, who works with Okta. I can't find the solution, everything is set up correctly and logging is not showing anything strange. The issue is only on Android and only for some users. 

  • Zipwater's avatar
    Zipwater
    Level 1.6: Donut
    2 months ago

     

    Michael, 

     

    here are the screen shot of error-