Samsung S23 with Knox Mobile Enrollment fails to enroll in Intune

kc
Level 1.6: Donut

I was wondering if anyone else was having problems enrolling Samsung S23s using Samsung Knox Mobile Enrollment into MS Intune?  I read the other thread about S23s and Zero-Touch failing, but that seems different than what we see.

 

We get to a point where Chrome browses to https://play.google.com

The page says:  Please click here to continue.

No matter how many times you tap that link, nothing happens.  Everything is just stuck.  If you wait a long time, the phone just restarts and is in some weird state.

 

Using the QR code works fine.

Also, other models, like the Samsung S20, enroll just fine using Knox Mobile Enrollment into Intune.

 

This is what it looks like.

 

samsung zte error.jpg

 

I opened a case with MS, but they say that is Google's page, and they can't control what it does.

 

10 REPLIES 10

mdm
Level 1.5: Cupcake

Did you ever resolved this?  I'm seeing same issue on a Galaxy S24 running Android 14.   I can get around this by X out of this screen but this is not a good experience.   Also, prior to this,  I get an Microsoft login error AADSTS90100:  & "AADSTS900561 which I had to back out twice, and login back in which results going to the Google Play page.  I did not encounter any of these issue registeringn a BYOD device with Work Profile but that was on older Galaxy S9 running Android 10.

ReeceK
Google Community Team

Hey @kc 

 

Hope you are well.

 

Just a few questions I hope you can help with:

 

- Are all the S23s affected or just some?

 

- Is all the software up to date on the devices?

 

It seems trivial, but I want to rule out the basics before looking into next steps. 😊

 

Thanks!

Reece 

Michel
Level 2.0: Eclair

Hi @kc @mdm ,

 

We enroll S23's and S24's on a daily basis into Intune (and other MDM's) without any issues for the past few months. So there might be something not correct in your configuration. 

 

Do you mind sharing your KME profile settings, the first tab and second if you can (please make sure to remove the token from your JSON code)?

 

Did you use the advanced option of the normal profile option?

Eugene
Level 1.5: Cupcake

I also enroll S23's and S24's on a daily basis into intune via KME (found this made it that bit more secure) in the past week unable to add any new S24's into KME, thought it was knox guard that was blocking it so got samsung to ensure that this had been removed, but still unable to resolve the problem.

Michel
Level 2.0: Eclair

And what error are you seeing or experiencing? I just enrolled a S24 ultra without issues via two KME tenants and 2 Intune tenants so its not a global error. Might be specific to some tenants. 

Eugene
Level 1.5: Cupcake

got to bottom of it - had lovely chat with Samsung chap, basically I was using the tap 6 times to get QR code screen - only started doing that as someone recently told me that's how they do it.  I usually use the plus sign - the difference between the 2 is one isn't recognised as MDM, so once went back to the plus sign worked instantly - so back on track 🙂

Michel
Level 2.0: Eclair

haha happy to hear its solved! 

 

The QR code is an alternative for KME, its a less user friendly and it requires more interaction from IT or the end user. 

kc
Level 1.6: Donut

In our case, the issue was resolved with OneUI 6.1.  Samsung told us it was a bug in 6.0.  We had to wait for the S23s to start shipping with 6.1 pre installed, then KME went fine.

We only have S23s, no S24s, though.  I hope the issue hasn’t come back….


What is the “plus sign?”  KME should be like Zero-Touch.  The enrollment should be automatic, without needing to “6 tap” or anything else….

 

 

 

 

Eugene
Level 1.5: Cupcake

the plus sign is basically when the welcome screen shows use your finger  and just do a plus in the centre of it - you can go down line of Zero-Touch similarity by using KME enterprise where  you can tie the whole device to certain setup or get your vendor to auto enrol your devices into kme so that when the user receives the device they just complete first login.  I prefer to enrol the devices manually as we don't rely on one vendor for our devices.

Michel
Level 2.0: Eclair

You could consider user Android zero touch for all non Samsung devices (although samsung devices also work in Android zero touch portal)