Set up the Enrollment Status Page - Known issues

Microsoft AI Microsoft Azure Microsoft Intune Microsoft 365

This section lists the known issues for the enrollment status page.

• When creating apps that are deployed during ESP, any reboots that are packaged within the app may cause ESP to hang and fail the deployment. We recommend specifying the reboot behavior in Intune instead of triggering the reboot within the package.
• Disabling the ESP profile doesn't remove ESP policy from devices and users still get ESP when they sign in to device for first time. The policy isn't removed when the ESP profile is disabled.
• A reboot during device setup forces the user to enter their credentials before the account setup phase. User credentials aren't preserved during reboot. Instruct the device users to enter their credentials to continue to the account setup phase.
• The ESP always times out on devices running Windows 10, version 1903 and earlier, and enrolled via the Add work and school account option. The ESP waits for Microsoft Entra registration to complete. The issue is fixed on Windows 10 version 1903 and later.
• Hybrid Microsoft Entra Autopilot deployment with ESP takes longer than the time-out duration entered in the ESP profile. On Hybrid Microsoft Entra Autopilot deployments, the ESP takes 40 minutes longer than the value set in the ESP profile. For example, you set the time-out duration to 30 minutes in the profile. The ESP can take 30 minutes + 40 minutes. This delay gives the on-premises AD connector time to create the new device record to Microsoft Entra ID.
• Windows sign in page isn't prepopulated with the username in Autopilot User Driven Mode. If there's a reboot during the Device Setup phase of ESP:
• ESP is stuck for a long time or never completes the "Identifying" phase. Intune computes the ESP policies during the identifying phase. A device may never complete computing ESP policies if the current user doesn't have an Intune licensed assigned.
• Configuring Microsoft Defender Application Control causes a prompt to reboot during Autopilot. Configuring Microsoft Defender Application (AppLocker CSP) requires a reboot. When this policy is configured, it may cause a device to reboot during Autopilot. Currently, there's no way to suppress or postpone the reboot.
• When the DeviceLock policy is enabled as part of an ESP profile, the OOBE or user desktop autologon could fail unexpectedly for two reasons.
• ESP doesn't apply to a Windows device that was enrolled with Group Policy (GPO).
• Scripts that run in user context (Run this script using the logged on credentials on the script properties is set to yes) may not execute during ESP. As a workaround, execute scripts in System context by changing this setting to no.
• Microsoft 365 Apps might cause the ESP to hang during app installation, specifically when:

• You add Microsoft 365 Apps to Microsoft Intune by using the Microsoft 365 Apps (Windows 10 and later) app type.
• The ESP is tracking the installation of Microsoft 365 Apps.
• Microsoft 365 Apps begin installing during the installation of another Win32 app being tracked.

1. You add Microsoft 365 Apps to Microsoft Intune by using the Microsoft 365 Apps (Windows 10 and later) app type.
2. The ESP is tracking the installation of Microsoft 365 Apps.
3. Microsoft 365 Apps begin installing during the installation of another Win32 app being tracked.

To prevent the ESP from hanging during installation and causing a failed deployment, we recommend deploying Microsoft 365 Apps with Microsoft Intune by using the Win32 app type