Unable to Azure AD join a device due to it already being enrolled?

This can happen for several reasons:

  • The device has somehow disconnected itself from Azure AD but is still listed within Azure.
    • 90% of the time you should be able to re-join it through ‘Work or School’.
  • An error occurred during the ‘Autopilot’ process and the machine has somehow confused itself.
  • There are GUID remnants in the registry from when the machine was previously Azure AD joined.
  • The device states that it is still enrolled within Azure AD, but it does not appear within Azure, Endpoint & Intune.
    • This can occur if it was deleted in Azure. The device becomes ‘Zombie-Joined’.

Troubleshooting & Solutions

Search for the device within Azure Active Directory, Endpoint, Intune, and Windows Autopilot devices and make sure that it has been deleted. Once deleted, it may take some time for it to disappear from these portals.

Check the device enrolment status using ‘dsregcmd /status’ in Command Prompt (CMD). This will tell you if the device thinks it is still enrolled. In some cases, you may see ‘DeviceAuthStatus: FAILED’. This means the device is either disabled or deleted in Azure.

  1. The device may not appear within Azure either. If it does, delete it.
  2. Then run ‘dsregcmd /debug /leave’.
  3. Sign out of the device -> Log back in using a local Admin Account -> Attempt to re-join the device or Autopilot it.

Open Registry Editor as Administrator and go to the Enrollments key. Delete all GUIDs listed, but do not delete ‘Context’, ‘Status’ and ‘ValidNodePaths’. There may be some GUIDs that you cannot delete. Then attempt to re-join the device.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments
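
The checks above can be scripted. The following PowerShell is an added example, not part of the original post: it reads ‘dsregcmd /status’, backs up the Enrollments key, and lists the GUID subkeys that would be deleted without removing anything. The ProviderID and UPN value names and the backup location under %TEMP% are assumptions.

```powershell
# Added example: audit before cleanup. Run from an elevated PowerShell prompt.
$ErrorActionPreference = 'Stop'

# Parse the "Name : Value" lines printed by dsregcmd /status into a hashtable.
function Get-DsregStatus {
    $status = @{}
    foreach ($line in (dsregcmd.exe /status)) {
        if ($line -match '^\s*([A-Za-z][\w ]*?)\s*:\s*(.+?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

$status = Get-DsregStatus
'AzureAdJoined', 'DeviceId', 'TenantName', 'DeviceAuthStatus' | ForEach-Object {
    '{0,-18}: {1}' -f $_, $status[$_]
}
if ($status['DeviceAuthStatus'] -like 'FAILED*') {
    Write-Warning 'DeviceAuthStatus is FAILED: device is disabled or deleted in Azure.'
}

$root     = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
$keep     = 'Context', 'Status', 'ValidNodePaths'   # never delete these
$guidLike = '^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$'

# Export the whole key first so a deletion can be rolled back (assumed location).
$backup = Join-Path $env:TEMP ('Enrollments-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
reg.exe export 'HKLM\SOFTWARE\Microsoft\Enrollments' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg export failed; stopping before any cleanup.' }
"Backup written to $backup"

# Candidate subkeys: GUID-named, excluding the three protected names.
$candidates = Get-ChildItem -Path $root | Where-Object {
    $_.PSChildName -notin $keep -and $_.PSChildName -match $guidLike
}

# Show who owns each enrolment (assumed value names; blank if absent).
$candidates | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath
    [pscustomobject]@{
        Guid       = $_.PSChildName
        ProviderID = $props.ProviderID
        UPN        = $props.UPN
    }
} | Format-Table -AutoSize

# Dry run only: prints what would be removed and changes nothing.
$candidates | Remove-Item -Recurse -WhatIf
```

Remove ‘-WhatIf’ only after reviewing the list and confirming the device has been deleted from the portals.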

Useful Tools:

You can view Intune Management logs by going to:

‘Settings’ -> ‘Accounts’ -> ‘Access work or school’ -> ‘Export your management log files’

Additional Information that might prove useful:

Registry Key Paths for Enrollments:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\Status\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxInstalled\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\OMADM\Accounts\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\OMADM\Logger\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\OMADM\Sessions\
