Hi @Bhagyashree ,
Thank you for providing the details about your setup and the issue you're encountering. I understand you're trying to configure a custom Mobile Device Management (MDM) solution in Azure Active Directory (now Microsoft Entra ID), with the scope set to "All" for your custom MDM and "None" for Microsoft Intune. You've also added the discovery URL and terms page, uploaded the device hash to Intune for user assignment, and during the Out-of-Box Experience (OOBE), after entering the password, the terms page appears—but accepting it results in the error code 80004005.
While I'm a technical support engineer specialized in ASP.NET Core development (including APIs and related technologies), this particular issue falls outside my primary expertise area, as it involves Azure AD MDM enrollment, Intune device management, and Windows OOBE processes. That said, I've taken the time to review your description and research common causes for this error in similar scenarios to better understand and address what you might be facing.
From what I've gathered based on documented troubleshooting resources for Intune and Azure AD enrollment:
- The error 80004005 is a generic "unspecified error" often seen during device enrollment or join processes in Windows Autopilot/OOBE, particularly when involving MDM terms acceptance or hybrid Azure AD joins. It can indicate issues like timeouts, connectivity problems, or configuration mismatches during the enrollment flow.
- In custom MDM setups like yours, where you've disabled Intune scope and prioritized your custom solution, potential root causes include:
  - Licensing issues: The user account used for enrollment might lack an appropriate Intune or Microsoft 365 license, even if Intune scope is set to "None." Enrollment attempts can still trigger license checks during OOBE.
  - MDM terms and discovery URL problems: If the terms page URL is incorrect, blank, or unreachable (e.g., due to network issues or misconfiguration in Azure AD > Mobility (MDM and MAM)), acceptance can fail. Similarly, the discovery URL for your custom MDM needs to be fully accessible and properly formatted.
  - Enrollment profile or connector health: Since you're uploading hashes to Intune (even with scope "None"), ensure any assigned enrollment profiles (e.g., for hybrid join if applicable) are correctly configured. Also, check if the Intune Connector for Active Directory is healthy in the Microsoft Endpoint Manager admin center, as issues here can cause enrollment timeouts.
  - OOBE/Autopilot specifics: This error frequently appears in user-driven Autopilot scenarios after terms acceptance, often due to offline domain join failures, VPN/connectivity delays before enrollment, or device objects not syncing properly between Intune, Azure AD, and on-premises AD (if hybrid).
  - Other factors: Device-side issues like network timeouts during OOBE, or conflicts from previous enrollments (e.g., stale device objects in Intune or Azure AD), could contribute. A workaround mentioned in some cases is to hard reset the device at the error screen and retry, but this isn't a permanent fix.
Since this involves specialized Azure AD and Intune configurations (especially for custom MDM), which is outside my ASP.NET Core focus, I strongly suggest opening a dedicated support ticket with Microsoft for personalized assistance. They have experts in endpoint management who can investigate your tenant-specific setup, logs, and configurations in real time. You can create a ticket via the Microsoft 365 admin center or through the Azure portal. If you have a support plan, reference this error code and your setup details to expedite it.
Hope this helps! If my suggestion was helpful, feel free to interact with the system accordingly.