In this blog, we’ll dive into the common headache of enrolling existing devices to Intune and hitting the 0x80180031 error, often caused by the fact that Mobile Device Management is not configured.
We’ll explore what goes wrong, from MDM scope misconfigurations to missing registry entries, and break down how you can quickly resolve it. Whether you need to check the scope, verify DNS CNAMEs, or run a PowerShell script to set the correct MDM URLs, this guide has you covered to ensure smooth enrollment.
0x80180031
You’re setting up a device for Intune enrollment, everything seems in place, and then bam, you hit the dreaded 0x80180031 error. Event logs (like Event ID 76) tell you MDM isn’t configured. (Mobile Device Management (MDM) is not configured)
What’s going wrong? Let’s unravel this mystery and fix the enrollment process.
The error usually indicates a misconfiguration in how the device connects with Intune. Specifically, it’s about missing MDM URLs and some key setup steps in the registry that need to be in place. Here’s how you can get back on track.
Understanding the Setup
When you’re enrolling an existing device into Intune, everything starts with MDM scope. Go into Azure AD and check the scope settings—make sure it’s set to either All users or a specific group (and yes, it must be users, not devices). More often than not, the problem lies here, so double-check this configuration first.
But what if the MDM scope checks out? The next culprit might be your DNS CNAME records. These need to be correctly configured, and you can easily verify this in the Intune portal.
At this point, also ensure that the user attempting to enroll has the proper Intune license assigned and the MDM Authority is set to Microsoft Intune.
As shown below, in our case the MDM Authority is set to Microsoft Intune. If somehow the authority is not set you could check out this blog to set it.
If you’ve made it this far without success, let’s dive a little deeper.
Debugging the Error
When the 0x80180031 error pops up, it essentially tells you the device is missing some key information, specifically, the MDM Enrollment URLs. (MENROLL_E_MDM_NOT_CONFIGURED)
These URLs tell the device where to go to complete its enrollment into Intune, and if they’re absent, Intune enrollment is a non-starter.
A useful way to dig into this is to run dsregcmd /status. In the output, you’ll want to pay close attention to the Device Management section.
If you don’t see any URLs under MDM Enrollment, Terms of Use, or Compliance, that’s your smoking gun.
Fixing the Registry
So what do you do? It’s time to fix the registry keys. The missing URLs can be populated by manually adding them under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\TenantInfo\YourTenantID
When using dsregcmd /status, that command would check those registry keys. If they aren’t defined, this will result in the error you’re seeing. Luckily, you can resolve this by running a PowerShell script that will fill in the correct URLs:
$key = 'SYSTEM\CurrentControlSet\Control\CloudDomainJoin\TenantInfo\*'
$keyinfo = Get-Item "HKLM:$key"
$url = $keyinfo.name
$url = $url.Split("\")[-1]
$path = "HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\TenantInfo$url"
New-ItemProperty -LiteralPath $path -Name 'MdmEnrollmentUrl' -Value 'https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc' -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath $path -Name 'MdmTermsOfUseUrl' -Value 'https://portal.manage.microsoft.com/TermsofUse.aspx' -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath $path -Name 'MdmComplianceUrl' -Value 'https://portal.manage.microsoft.com/?portalAction=Compliance' -PropertyType String -Force -ea SilentlyContinue;
After running the script, check the dsregcmd /status output again. You should now see the MDM URLs populated. With those MDM urls populated, you could now kick off the device enroller to start the real enrollment, and the device should enroll without a hitch.
0x8007052e: Another Enrollment Error to Watch For
While 0x80180031 is a common issue, there’s another error you might encounter during Intune enrollment: 0x8007052e. This error typically appears when the MDM Enrollment URL is missing or incomplete, preventing the device from successfully reaching Intune during a Windows Autopilot Enrollment
You may also notice these errors showing up in the Modern Device Management Event logs:
“Registering your device for mobile management (4, 0x8007052e)”
“We couldn’t find the corresponding MDM information for this Azure AD device. Error: 0x8007052e”
In the Event Viewer, under the Moderndeployment-Diagnostics-Provider-Autopilot logs, you may notice an entry like this:
“AutopilotManager failed during device enrollment phase DeviceDiscovery. HRESULT = 0x8007052E”
These error messages indicate that the device couldn’t retrieve the necessary MDM information from Azure AD, typically because of missing or misconfigured MDM scope settings, or DNS CNAME records.
If you run into this error, ensure the MDM scope is set correctly in Entra ID and verify the DNS CNAME configuration.
Conclusion
The 0x80180031 error can be frustrating, but it usually boils down to misconfigured MDM settings or missing registry entries. By verifying the MDM scope, CNAME records, and licenses, then using the PowerShell script to populate the missing URLs, you’ll be back on track with device enrollment in no time.
Hey,
there are two small issues with your script that will end up in an incorrect path.
I just added a ‘\’ in both path variables.
$key = ‘SYSTEM\CurrentControlSet\Control\CloudDomainJoin\TenantInfo\*’
$path = “HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\TenantInfo\$url”