Intune not adding PROVISIONING EXTRAS - Zero-Touch

Kristian45
Level 1.6: Donut

‎05-08-2024 05:22 AM

Hi,

Have an issue when linking Intune to Zero-touch.
When connecting the 2, it does not add any "PROVISIONING EXTRAS" 

I can create it manualy, with the EMM DPC and DPC extras.
When i asign it manualy it work, but when it's set to "Enterprise Default Profile" it will look at the DPC extras from intune (That is Empty) and then just ask for QR or code to the Profile.
The Intune profile that is selected as default is a "Corporat-owned, fully managed user device" profile in ZT

Have been in contact with Microsoft regarding this for 3 months, and they cannot help me, they only thing they can say is "The profile maybe Corrupt" and we need to create a new one. We have 250 devices added to ZT by this point

Have tried unlinking, and linking after waiting 24 hours, and so on. But nothing have worked.

 

Zero-touch No DPC Extra2.png

I was hoping that someone in here can help me with this 🙃

13 REPLIES 13

Lizzie
Google Community Manager
Google Community Manager

‎05-09-2024 03:42 AM

Hello @Kristian45,

 

Welcome to the Customer Community. 

 

@jeremy@jasonbayton@Moombas@Timmy wondering if you have any thoughts on this one? (Thank you in advance)


I'm currently away from the Community on holiday, read more here.

Welcome to the Community everyone!

Have a question or want to start a conversation, click here.

jeremy
Level 2.3: Gingerbread

‎05-09-2024 05:29 AM - edited ‎05-09-2024 05:30 AM

Yes so this is usually populated by the EMM (Intune in this case) they might have an issue, but it's on their end as this is a parameters sent through the URL to the iframe.

0 Kudos

Timmy
Level 2.0: Eclair

‎05-09-2024 12:24 PM

Hey, 

The "Link your zero-touch account to your EMM provider" from the Intune UI is not something I recommend anyone to use. A few years ago when it was first introduced In Intune I wrote an article on it here: https://timmyit.com/2022/09/26/first-look-at-link-your-zero-touch-account-to-intune-and-manage-zero-...

the conclusion was that unless you are only using 1 profile for "Corporate-owned, fully managed user device" its pretty much useless. And it has to much knowledge not changed since then and that's often a sign that its no longer getting the love and attention from Microsoft which you also somewhat experienced in your support request. 

There is no need or requirement to use the "Link your zero-touch account to your EMM provider" from the Intune when working with Android Enterprise and Zero touch and I'll happy to point you in the right direction for things if there are certain specific scenarios you wish to cover. 

/Timmy 


jasonbayton
Level 4.0: Ice Cream Sandwich

‎05-09-2024 12:41 PM

It's not an uncommon complaint, intune's implementation leaves a lot to be desired. 

 

As Timmy suggests, better to avoid it and handle ZT through the customer portal (partner.android.com/zero-touch)

Kristian45
Level 1.6: Donut

‎05-09-2024 01:02 PM

Thanks for all the replies.

The idea was that we deliver the Tablets directry to different locations, without going into the portal, and changing the Profile every time (Have done this the last 3 months).

I guess it will work if i remove the connection/Link to Intune, and set the "Default configuration" to the Intune configuration i have created manually in Zero-touch? 

Again, thanks for all the awnsers, was not able to find anything about this anywere,

Hope this can help some other people having the same issue in the future.

jasonbayton
Level 4.0: Ice Cream Sandwich
In response to Kristian45

‎05-09-2024 01:14 PM

Yes exactly. If you're efficient with it you can time the profile default with the order you make with a reseller, switching them up as needed to auto-assign to different configs by order.

 

That, or lean on the zero-touch customer API, which allows you to automatically and in bulk manage devices and their configs

AndriusG
Level 1.5: Cupcake

Wednesday

I have the same problem, no matter what I put in the DPC extras, it never picks up the enrolment token. @Lizzie or anyone from ZT, can you please assist here? We are only using 1 token.

0 Kudos

jasonbayton
Level 4.0: Ice Cream Sandwich
In response to AndriusG

Wednesday

The Intune implementation is rubbish, you'll need to take it up with Microsoft

0 Kudos

AndriusG
Level 1.5: Cupcake
In response to jasonbayton

Thursday

Why? It is not the issue of Intune that ZT portal does not apply the default configuration you have created and configured to be a default. If I manually apply it, it works like a charm.

0 Kudos

jasonbayton
Level 4.0: Ice Cream Sandwich
In response to AndriusG

Thursday

If you're still talking about the integration of ZT inside Intune then yes it absolutely is their issue. Docs describe exactly how it should be implemented for an EMM, and they don't do it correctly.

 

If you're setting manual configs inside the ZT console and applying directly to devices, either through bulk or by setting the default config in ZT for all newly added devices, and it's not working, that would then be a Google issue. Assuming your setup is correct.

0 Kudos

Timmy
Level 2.0: Eclair
In response to AndriusG

Wednesday

Have you read the post I linked to above ? https://timmyit.com/2022/09/26/first-look-at-link-your-zero-touch-account-to-intune-and-manage-zero-...

This will explain the situation and what you should do if you need to use DPC extra. 
Assuming you have the exact same scenario, its not a google issue. Its Microsoft Intune limitations for this specific feature. But you can use DPC extra with Intune if you just use the Zero touch portal with Intune. 

0 Kudos

Kristian45
Level 1.6: Donut
In response to AndriusG

Wednesday

I removed the Intune Connection, and just use it from Zero-touch.

 

Disconnect Intune to ZT, and try and chance the profile on your test Device to use the specific profile, instead of the “Enterprise Default”(this do not work)

 

then you can set up the Default Configuration i ZT, to get added when you get new device into the portal

 

hope this explains it.

0 Kudos

AndriusG
Level 1.5: Cupcake
In response to Kristian45

Wednesday

Hi,

 

I need a bit more details. How to disconnect Intune from ZT I am aware, but I think it might not allow to do it, till I have devices that were enrolled this way?

In terms of the profiles in ZT, I have configured "my own" profile with DPC extras that include the enrolment token, but unless I change the profile for each device - they do not pick up the configuration and ultimately the token. All of them always default to "Enterprise Default Profile". How this would be different when I disconnect Intune from ZT?

0 Kudos