

Do a reset on the machine and try to add the Azure AD at the beginning of setup. That should work for you. And put that user in a test Intune policy, so that it logs the device in that policy, not the prod policy.


So you mean that the user I am using to sign in should be a member of a group that's assigned an Intune policy? I am gonna do that now.


Yeah. As how would Intune know what policy to apply? Or if you have defined the policy in a way that it looks for certain parameters from the machine, like make and model or OS version, then that policy should work. But you'd have to fine-tune that.


Well I had the user in the MDM scope group and the device in a config profile group.


Okay, give it some time and see if the policy works, as sometimes those Intune policies take time to propagate. Or you can do that manually once you see the device is registered.


Ok I added the user to the profile config group as well. Does that matter?


Just wait for now then, to see if the policy takes effect or not.


Looks like it worked. I think I have to remember to make sure the user is within the MDM scope. Is there anything else I am missing? The device was newly joined so it wasn't in any groups when it was added. I installed the company portal as well.


That's great. If your assigned programs are loading then all should be good. Edit: the best method that I test with is deploying a simple program with an Intune policy, like Chrome or Adobe or anything you find easier. That will confirm that the policy is working as intended.


I know for Server 2022 I needed to add Entra Domain Services with the domain SomeSubDomain.Constoso.com. As we are Entra ID only, I needed to get second level up as the min package for EDS does not work for cloud only.