Whilst at a customer’s site recently, I was asked to look into an error they were receiving whilst attempting to add an Intune subscription to ConfigMgr 2012 SP1.
In the ConfigMgr 2012 SP1 console:

ConfigMgr 2012 SP1 console
ConfigMgr 2012 SP1 console

Right click Windows Intune Subscriptions:
Windows Intune Subscriptions right click
Windows Intune Subscriptions right click

Create Windows Intune Subscription:
Create Windows Intune Subscription
Create Windows Intune Subscription

Next
Sign in
Sign in

Enter Intune credentials
Log in to Intune
Log in to Intune

And here we got the error
Access denied
Access denied

The credentials that were used to log in were the same used to create the Intune account, so there should not be a permissions issue.
Logging in to the Intune Admin Console verified the credentials were ok.
I checked who Intune thought was the Mobile Device Management Authority and this suggested the cause of the problem.
Mobile Device Management Authority granted
Mobile Device Management Authority granted

ConfigMgr was not allowed to be the Mobile Device Management authority for the subscription which resulted in the “access denied” error.
When the Mobile Device Management authority is not set in the Intune Admin Console
Mobile Device Management Authority not set
Mobile Device Management Authority not set

The Intune subscription is successfully created in the wizard and, to continue, ConfigMgr 2012 SP1 must be allowed to manage the subscription; in other words,be authoritative.
New Windows Intune Subscription
New Windows Intune Subscription

Once this is ticked, the wizard successfully continues.
Allowed to manage
Allowed to manage

Regards
Jason
 

About the author