探花大神

Contact Us
Help Center Home > Devices KB > Troubleshoot: Windows MDM

Troubleshoot: Windows MDM

This article outlines common issues that can occur with devices enrolled in Windows MDM and how to resolve them.

How do I confirm my device’s enrollment status?

If a device fails to enroll in 探花大神 MDM, there are two common causes:

  • It is still enrolled with another MDM provider.
  • Or there are remnants of the previous MDM provider on the device.

When users try to enroll in 探花大神 MDM via the User Portal and enrollment fails, the following error may appear: The device is already being managed by an organization.

You can use 探花大神 Commands or the 探花大神 PowerShell Module to check the MDM enrollment status of your devices.

Using 探花大神 Commands to Confirm Enrollment

If the device has the 探花大神 Agent installed, you can use the following command to check the status of a specific device.

To check the device鈥檚 enrollment status using 探花大神 Commands:

  1. Log in to the .
  2. Go to DEVICE MANAGEMENT > Commands

Note:

For more information on commands in 探花大神, see Get Started: 探花大神 Commands.

  1. Click (+), then click Command to create a new command. The Details tab for the new command displays.
    1. In the Type field, click Windows
    2. Select Windows PowerShell.
    3. In the Command field, paste the following:
      get-jcsystem -hostname Workbox | select-object mdm
    4. Select the Devices tab. Select one or more devices where you want to apply this command.
    5. Click Save.  
  2. From your list of commands, run the newly created command on the affected device by clicking Run Now
  3. Go to the Results tab and click view. Locate the vendor value in the results.

In the following example, the vendor is Internal, meaning that this device has successfully enrolled in 探花大神 MDM. If the Vendor is None there is no detected MDM provider on this device. If the vendor value is External, that means another MDM provider has been detected on the system.

mdm
---
@{vendor=internal; profileIdentifier=; dep=; userApproved=; enrollmentType=unknown; enrollmentAttempts=0; createdAt=2024-04-05T16:47:49.026Z; prov...

Using the PowerShell Module to Confirm Enrollment

You can also use the 探花大神 PowerShell Module to check the enrollment status of all of your devices in 探花大神.

Note:

See Installing the 探花大神 PowerShell Module to learn how to install and run the PowerShell Module.

To use the PowerShell Module to check enrollment status:

  1. Run the following command in the PowerShell Module:

$SystemMDMStatus = Get-JCSystem
foreach ($system in $SystemMDMStatus) {
            $MDMStatus = $system.mdm.vendor
            if ($system.hostname -ne $null) {
            $Provider = $system.mdm.providerID
            $hostname = $system.hostname
            write-host "$hostname, $MDMStatus, $Provider"
            }
        }

  1. Check the $MDMStatus and $Provider values in the command results:
    1. If the device is enrolled with another MDM provider, follow the vendor鈥檚 specified steps to unenroll the device. 
    2. If the device was unenrolled but it is still detected as an enrolled device, we recommend you contact the vendor for assistance with removing the remnants of the previous MDM enrollment.
How do I manually remove Windows MDM using PowerShell?

There are times when a Windows device enrollment in 探花大神 MDM can鈥檛 be removed by normal methods, such as when the device is still linked with a previous MDM provider. When normal MDM removal methods don鈥檛 work, you can run the 探花大神_MDM_Removal script to manually locate and remove an MDM profile.

Considerations:

  • The MDM removal script can run either remotely (from the 探花大神 Admin Portal) or locally without user intervention. 
  • The script locates existing MDM Enrollment IDs in the HKLM:\SOFTWARE\Microsoft\Enrollments location of the registry then removes all other keys related to the MDM enrollment.

Prerequisites:

Important:

The script will use the Enrollment ID to remove the device鈥檚 associated MDM enrollment data from the following locations:

  • Registry Entries:
    • HKLM:\SOFTWARE\Microsoft\Enrollments
    • HKLM:\SOFTWARE\Microsoft\Enrollments\Status\
    • HKLM:\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked\
    • HKLM:\SOFTWARE\Microsoft\PolicyManager\AdmxInstalled\
    • HKLM:\SOFTWARE\Microsoft\PolicyManager\Providers\
    • HKLM:\SOFTWARE\Microsoft\Provisioning\OMADM\Accounts\
    • HKLM:\SOFTWARE\Microsoft\Provisioning\OMADM\Logger\
    • HKLM:\SOFTWARE\Microsoft\Provisioning\OMADM\Sessions\
  • Scheduled Tasks:
    • Related tasks under \Microsoft\Windows\EnterpriseMgmt\

To run the MDM removal script on a Windows device in the 探花大神 Admin Portal:

  1. Download the PowerShell script from GitHub: .
  2. Log in to the .
  3. Go to DEVICE MANAGEMENT > Commands

Note:

For more information on commands in 探花大神, see Get Started: 探花大神 Commands.

  1. Click (+), then click Command to create a new command. The Details tab for the new command displays.
    1. In the Type field, click Windows
    2. Select Windows PowerShell.
    3. In the Command field, paste the contents of the 探花大神 MDM removal script.
    4. Select the Devices tab. Select one or more devices where you want to apply this command.
    5. Click Save.  
  1. From your list of commands, run the newly created command on the affected device by clicking Run Now

Note:

The MDM enrollment profile should now be removed from the Windows device. To confirm  the command results, go to Device Management > Commands, then click the Results tab.

  1. (Optional) If the MDM enrollment removal script fails to run using 探花大神 Commands (or the device is inaccessible for other reasons), you can run the script locally:
    1. Open an elevated PowerShell or PowerShell_ISE session on your Windows device.
    2. Paste the contents of the 探花大神 MDM removal script.
    3. Press Enter to run the script.

Back to Top

Notebook IconLearn More

Collect Logs for Windows MDM

Get Started: Windows MDM

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case