"0x8018002B" error and Windows 10 MDM auto-enrollment for Intune fails if user scope is set to "None"

Applies to: Microsoft Intune, Intune, Commerce Intune

Symptoms


When you try to auto-enroll a device in Microsoft Intune by using Windows 10 Mobile Device Management (MDM) through a Group Policy Object, the attempt fails, and you experience the following additional symptoms:

  • The Task Scheduler reports an error in the \Microsoft\Windows\EnterpriseMgmt\Schedule folder. This folder is created by the enrollment client that automatically enrolls a device in MDM from an Azure Active Directory (Azure AD) task. The last-run result is as follows:
     

    Event 76 Auto MDM Enroll: Failed (Unknown Win32 Error code: 0x8018002b)

  • In Event Viewer, you may also see the following event logged under Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin:
     

    Log Name: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
    Source: DeviceManagement-Enterprise-Diagnostics-Provider
    Event ID: 76
    Level: Error
    Description: Auto MDM Enroll: Failed (Unknown Win32 Error code: 0x8018002b)
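
The following PowerShell is an added example, not part of the original article or Microsoft's own tooling. It gathers both symptoms above on the affected device. It assumes an elevated PowerShell session, and the variable names are illustrative.

```powershell
# Added diagnostic example: collect the two symptoms described in this article.
$code    = '0x8018002B'   # error code from the article
$logName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'

# 1. Scheduled tasks created by the enrollment client under EnterpriseMgmt.
#    The wildcard covers the folder itself and any subfolders.
$tasks = Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\*' `
                           -ErrorAction SilentlyContinue
$taskReport = foreach ($t in $tasks) {
    $info = $t | Get-ScheduledTaskInfo
    [pscustomobject]@{
        TaskPath   = $t.TaskPath
        TaskName   = $t.TaskName
        LastRun    = $info.LastRunTime
        # Render the last-run result as hex so it can be compared with the article's code.
        LastResult = '0x{0:X8}' -f $info.LastTaskResult
    }
}
$taskHits = @($taskReport | Where-Object { $_.LastResult -eq $code })

# 2. Event ID 76 entries in the Admin log whose description carries the same code.
#    "No events found" is a non-terminating error, so it is silenced here.
$eventHits = @(Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 76 } `
                            -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $code } |
    Select-Object TimeCreated, Id, LevelDisplayName, Message)

# 3. Report what was found.
if (-not $tasks) {
    'No tasks found under \Microsoft\Windows\EnterpriseMgmt\ (auto-enrollment task not created).'
}
$taskReport | Format-Table -AutoSize
$eventHits  | Format-List

if ($taskHits.Count -gt 0 -or $eventHits.Count -gt 0) {
    "Device shows the $code auto-enrollment failure described in this article."
} else {
    "No $code failure found in the scheduled task results or in the last 50 Event ID 76 entries."
}
```

A match confirms only the symptom; the MDM user scope itself still has to be checked in the Azure portal as described under Resolution.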

Cause


This problem may occur if the MDM user scope configuration item is set to None.
 

Resolution


To resolve this problem, follow these steps:
 
  1. In a web browser, navigate to the Azure portal.
  2. Select Azure Active Directory > Mobility (MDM and MAM).
  3. Select Microsoft Intune.
  4. Make sure that MDM user scope is set to All or that the appropriate groups are selected.
  5. Make sure that MAM User scope is set to None.
     


Note: If this method does not resolve the problem, see the following Knowledge Base article:

4461453 "0x8018002B" error and Windows 10 MDM auto-enrollment for Intune fails if an invalid UPN is used