KB – Windows devices getting unenrolled

If you are seeing Windows devices getting unenrolled, it could have several root causes.

A customer reported, that they’re seeing the following device events in the console

The devices requested the “Break MDM” command to unenroll the devices.

On the devices, we saw the following entry in the AWProcessedCommands log file:

{
    "@t": "2023-02-02T08:43:46.8261024Z",
    "@mt": "Processing Unenrollment request.",
    "SourceContext": "AW.Win32.CommandProcessor.Program",
    "ThreadId": 6,
    "ProcessId": 6624,
    "ProcessName": "AWProcessCommands",
    "MachineName": "ODJ-7437957",
    "EnvironmentName": "Production",
    "EnvironmentUserName": "MMWORKS\\SYSTEM"
}

Also in the eventlog there was this entry:

This message shows that, the device itself, unenrolled it. Based on the timestamp, we checked the application event log:

So, HUB uninstallation was triggered.
Next we checked the System event log:

As a next step, we checked the GPO’s and found the following setting was disabled:

As you can see in the help text, the setting “Enable automatic MDM enrollment using default Azure AD credentials” will cause an unenrollment if set to disable.

After changing the setting back to “Not Configured” and pushing down the gpupdate /force command to the devices, the unexpected device’s unenrollment stopped.

Written by
+ posts

Empowering customers in client management since 2012.
Empowering customers in modern management since 2018.

Previous Article
Next Article

Leave a Reply

Your email address will not be published. Required fields are marked *.

*
*
You may use these <abbr title="HyperText Markup Language">HTML</abbr> tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copyright digitalworkspace.one All right reserved
BCF Shop Theme By aThemeArt.
BACK TO TOP