<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D5WR00001DXMTL0A5Okta Classic EngineAuthenticationAnswered2026-02-02T06:08:12.000Z2026-01-27T14:43:32.000Z2026-02-02T06:08:12.000Z

StephenH.69375 (Customer) asked a question.

January 27, 2026 at 2:43 PM
Automatic Intune Enrollment no MFA

We have been able to create rules to allow us to register our devices as Hybrid-Joined devices in Azure. The rule stops MFA from being requested. We have request.userAgent.contains("Windows-AzureAD-Authentication-Provider") in the custom expression as well as check that the client is Exchange ActiveSync/Legacy Auth

 

We now need a new rule to allow machines to automatically enroll in Intune, i.e. also stopping MFA and allowing just password.

 

Does anyone know what we need in the custom expression for the rule to see that it is an Intune erollment being made?

  • 2 answers
  • 118 views
User16460653063307410261 likes this.

  • Paul S. (Okta, Inc.)

    Hello @StephenH.69375 (Customer)​ Thank you for posting on our Community page!

     

    The Okta Community Questions forum isn't really meant for in-depth troubleshooting.

    I would recommend to have a Support ticket open, then continuing the discussion with the assigned Technical Support Engineers. They'll be able to access additional tools and resources to help you get to the bottom of it.

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

  • Paul S. (Okta, Inc.)

    Hello @StephenH.69375 (Customer)​ Thank you for posting on our Community page!

     

    The Okta Community Questions forum isn't really meant for in-depth troubleshooting.

    I would recommend to have a Support ticket open, then continuing the discussion with the assigned Technical Support Engineers. They'll be able to access additional tools and resources to help you get to the bottom of it.

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

  • StephenH.69375 (Customer)

    Hello, thanks for your reply. I already posted a ticket but the answer was that there was no answer, it is too difficult to work out if the request is an automated enrolment 😔

    For anyone else having such issues the issue seems to be not Okta, but the MFA behind Okta. The way we got around this issue was to temporarily add the user doing the enrolment to an exclusion group in the MFA provider. Then the Intune enrolment worked perfectly.

    Expand Post

Loading
Automatic Intune Enrollment no MFA