Intune Enrollment status page was shown at multiple sessions at Ignite 2017, specially with Autopilot, this feature is not only for AutoPilot devices, but for all Windows devices that are AzureAD joined. Back in November 2017 I did a blog post on Intune Enrollment status page a couple of week later the feature was gone. Now it is here again and with great new features. Intune Enrollment status page is only support on Windows 10 1803 also known as RS4, unlike first time the enrollment status page was in Intune for Windows 10 1709 RS3 – this new page do not have any effect on Windows other than RS4.
In this blog post I will show how to setup the Intune Enrollment page and what it looks like from the End-user perspective, and at the end I will tell where I have found that the Intune Enrollment is not working so good.
How to configure Enrollment status page:
Start the Microsoft 365 device management portal https://devicemanagement.portal.azure.com
- Click Device Enrollment
- Click Windows Enrollment
- Click Enrollment Status Page (Preview)
- Select the Default
- Click Settings
- Click Yes
- Show app and profile installation progress – enables the feature
- Block device use until all apps and profiles are installed – this prevents the end-user from shutting down the status page (see below for what happens if this settings is set to No)
- Allow users to reset devices if installation error occurs – allows the end user to reset the devices and start the device provisioning all over again
- Allow users to use device if installation errors occurs – give the end-user the possible to go to the Windows desktop and use the devices is there is any errors
- Show error when installation takes longer than specified number minutes – sets a timeout in minutes, if it takes longer time to get the devices up and running it will go into error mode
- Show custom message when an error occurs – give the IT department the possibility to give the end-user a custom message is any thing goes wrong
- Allow users to collect logs about installation errors – so the end-user can give error logs to the IT departments
How is the end-user expirence:
After the End-user has entered the AzureAD/O365 credentials and password the Enrollment status page is showed to the end-user
In the first Device preparation it will show status for :
- Securing your hardware
- Joining your organization’s network
- Registering your device for mobile management
Then the Device setup will starts, and deploy devices assigned:
- Security policies
- Certificates
- Network connections
- Apps
In my case I don’t have anything devices assigned.
Then the Account setup will starts, and deploy user assigned:
- Security policies
- Certificates
- Network connections
- Apps
You can see details on how many settings that have been deployed and how many there is missing
When it is finished the devices is ready to use with the settings and installed apps.
The scenario where the IT admin allows the end-user to bypass the Intune Enrollment page looks a little different:
If Block devices use until all apps and profiles are installed is set to No
There will be a “Continue anyway” button that the End-user can click and the device will move on in the OOBE process like when the Enrollment page is not configured
Some things you need to remember when you are using Intune Enrollment status page:
If you have assigned a profile that requires a reboot the reboot screen will show up and reboot the devices after 2 minutes no matter if the devices is finished for not.
After the reboot, then the status page will show failed – and you can “try again”
At the moment I don’t have a solution for this behavior other than not use Intune profiles that gives a reboot. In my case it was Windows Defender Application Guard and Windows Defender Application Control , all in the Endpoint Protection profile in Intune, the reason is that all 3 settings are installing a Windows Feature that requires a reboot. I can also be a application that do not suppress a reboot that will give the same behavior.
More info:
Set up an enrollment status page
Happy testing – this is a long waited feature.
Cloud First 
Thanks for the write-up, so happy this is available again 🙂
BTW: What is that “Acting Admin” app ?
Thanks. That is a app that can give you local admin Access for short period and then removes it again
That is a scenario i’m running into on a regular basis and had not found a solution for yet.
Google is failing me; is this a publicly available app ?
I believe it’s a program ATEA.dk is selling, I’m waiting to get info about it 🙂
There’s an old program that does the same, but it’s not been updated since 2015, called Access Director.
Thanks! Unfortunately, the atea site is completely in danish , if you have/get some English info, please let me know!
Thanks 🙂
Send me a mail and I wiil put you in contact with the right person /Per
@Steffan Will do 🙂
Apologies, but i seem to be unable to locate any contact details ?
Pcl@osddeployment.dk