Applies to: All versions of Centrify Endpoint Services
Windows 10 system was previously enrolled into AzureAD and has SCCM installed.
System was unenrolled from AzureAD, and per Centrify Online Help Page, enterpriseenrollment and enterpriseregistration CNAMEs have been created in the user domain's DNS zone, pointing to the user's Centrify tenant URL.
However, the Windows 10 device would still enroll into Office365 Azure AD when enrolling with the account (username@domain) managed by Centrify Identity Platform.
Instead of clicking on 'Connect' from the 'Connect to work or school' systems settings on Windows, the 'Enroll only in device management' option should be selected. This enables enrollment to MDM instead of Azure AD. Note that this option is not available unless user has Local Admin rights.
Additionally, according to MS there can only be one management authority on a device, i.e. the SCCM client and MDM enrollment cannot coexist unless a specific registry key change has been made on the Windows 10 machine.
If 'Enroll only in device management' link is missing and SCCM is installed on the Windows 10 device (and cannot be uninstalled):
1. Add a new REG_DWORD under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments
Key Name: ExternallyManaged
Key Value: 0
2. Make sure the user has Local Administrator rights 3. User should now be able to enroll to Centrify MDM by clicking the 'Enroll only in device management' (try to reboot/re-login if 'Enroll only in device management' link is still missing.