
KB-9412: Unable to Enroll Windows 10 Device with SCCM installed

Centrify Identity Service, App Edition; Centrify Identity Service, App Plus

2 November,17 at 04:06 PM

Applies to: All versions of Centrify Endpoint Services

Problem

The Windows 10 system was previously enrolled into Azure AD and has SCCM installed.

The system was unenrolled from Azure AD and, per the Centrify Online Help Page, the enterpriseenrollment and enterpriseregistration CNAMEs have been created in the user domain's DNS zone, pointing to the user's Centrify tenant URL.

However, the Windows 10 device still enrolls into Office 365 Azure AD when enrolling with the account (username@domain) managed by Centrify Identity Platform.


Cause

Instead of clicking 'Connect' in the 'Connect to work or school' system settings on Windows, the 'Enroll only in device management' option should be selected. This enrolls the device in MDM instead of Azure AD. Note that this option is not available unless the user has Local Admin rights.



Additionally, according to Microsoft there can be only one management authority on a device, i.e. the SCCM client and MDM enrollment cannot coexist unless a specific registry change has been made on the Windows 10 machine.


Solution

If the 'Enroll only in device management' link is missing and SCCM is installed on the Windows 10 device (and cannot be uninstalled):

1. Add a new REG_DWORD value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments
  • Value name: ExternallyManaged
  • Value data: 0

2. Make sure the user has Local Administrator rights.
3. The user should now be able to enroll in Centrify MDM by clicking the 'Enroll only in device management' link (try rebooting or logging in again if the link is still missing).
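
The checks and the registry change above can be scripted. The following PowerShell is an added example, not Centrify's or Microsoft's own tooling. Assumptions: `example.com` is a placeholder for the user's domain, the `-Apply` switch is a name chosen for this example, and the SCCM client is detected through its `CcmExec` service.

```powershell
# Added example: pre-enrollment check for the steps in this article.
# Run from an elevated PowerShell session on the Windows 10 device.
param(
    [string]$Domain = 'example.com',  # placeholder: the domain part of username@domain
    [switch]$Apply                    # hypothetical switch: without it the script only reports
)

$regPath   = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
$valueName = 'ExternallyManaged'

# CNAMEs that should point to the Centrify tenant URL (see Problem section)
foreach ($name in 'enterpriseenrollment', 'enterpriseregistration') {
    $cname = Resolve-DnsName -Name "$name.$Domain" -Type CNAME -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    if ($cname) { '{0}.{1} -> {2}' -f $name, $Domain, $cname.NameHost }
    else        { '{0}.{1} has no CNAME record' -f $name, $Domain }
}

# Step 2: is this session running with local administrator rights?
# (This checks the current, elevated session, not another user's group membership.)
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Session has local administrator rights: $isAdmin"

# Is the SCCM client installed? (assumption: detected via the CcmExec service)
$sccm = Get-Service -Name CcmExec -ErrorAction SilentlyContinue
"SCCM client service present: $([bool]$sccm)"

# Step 1: report the current value, and set it to 0 only when -Apply is given
$current = (Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
$shown   = if ($null -eq $current) { '<not set>' } else { $current }
"Current $valueName value: $shown"

if ($Apply) {
    if (-not $isAdmin) { throw 'Writing to HKLM requires an elevated session.' }
    if (-not (Test-Path $regPath)) { New-Item -Path $regPath -Force | Out-Null }
    New-ItemProperty -Path $regPath -Name $valueName -PropertyType DWord -Value 0 -Force | Out-Null
    "Set $valueName to 0 (REG_DWORD)"
}
```

Running it without `-Apply` first records the original `ExternallyManaged` state, which is useful if the change later needs to be reverted.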
