Attest Device Windows enrollment attestation

Attest Device Action – Attestation is in progress

The Problem: Attestation is in Process

The Intune Device attestation report shows many devices with the status “Not started”.

I tried to use the device action “Attest device action” for one device.

The device was stuck with “InProgress” status for several days, although as per Microsoft documentation it should take around 15 minutes.

Check Microsoft documentation here

https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-attestation#attest-device-action

What can this issue be?

This is how it shows in Device attestation status report

[Screenshots: Windows enrollment attestation; Device Attestation Status; Device Actions]

Attest Device Action Troubleshooting

  1. Checking prerequisites: the OS and TPM versions are supported.
  2. Checking the device in Entra ID, the device is registered and in healthy state.
  3. Let’s check “Dsregcmd /status” from the device
    1. I noticed that the MDM URLs are empty

 MdmUrl : 
 MdmTouUrl : 
 MdmComplianceUrl :

  • And under “SSO State”

Server Error Description: MSIS9699: GlobalAuthenticationPolicy on the Server doesn’t allow this OAuth JWT Bearer request. Please contact the administrator to update the

  • So, the device is not able to authenticate with AAD
  • Let’s check “Automatic Enrollment” configuration
  • It is configured with “Some”, but the device’s primary user is not added to any group.
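
The dsregcmd check from step 3 can be scripted so it can be repeated across devices. The following is an added example, not part of the original post or of Microsoft's tooling: the function name `Test-DsregEnrollmentState` and the sample lines are constructed for illustration, and the field names are the ones shown in the output above.

```powershell
# Added example: parse "dsregcmd /status" output and flag the symptoms from this post.
function Test-DsregEnrollmentState {
    param(
        # Output lines to inspect; when omitted, dsregcmd is run on this device.
        [string[]]$StatusLines = (dsregcmd /status)
    )

    # dsregcmd prints "Name : Value" pairs; the value may be empty.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*)$') {
            $fields[$Matches[1]] = $Matches[2].Trim()
        }
    }

    $findings = @()
    foreach ($name in 'MdmUrl', 'MdmTouUrl', 'MdmComplianceUrl') {
        if (-not $fields.ContainsKey($name)) {
            $findings += "$name is missing from the output"
        } elseif ($fields[$name] -eq '') {
            $findings += "$name is empty"
        }
    }

    # A server error under "SSO State" means the device could not authenticate.
    $ssoError = $fields['Server Error Description']
    if ($ssoError) {
        $findings += "SSO State reports: $ssoError"
    }

    [pscustomobject]@{
        MdmUrlsPopulated = -not ($findings -match '^Mdm')
        Findings         = $findings
    }
}

# Constructed sample that mirrors the output shown in this post.
$sample = @'
 MdmUrl :
 MdmTouUrl :
 MdmComplianceUrl :
 Server Error Description: MSIS9699: GlobalAuthenticationPolicy on the Server doesn't allow this OAuth JWT Bearer request.
'@ -split "`r?`n"

Test-DsregEnrollmentState -StatusLines $sample | Format-List
```

Calling `Test-DsregEnrollmentState` with no arguments inspects the local device. When `MdmUrlsPopulated` is false, review the “Automatic Enrollment” user scope as described in this post.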

The solution

Adding the user to one of the scoped groups for the “Automatic Enrollment” configuration solved the issue: the device completed attestation and now reports as “Completed”.

For more articles you can check https://intunebytes.com/
