Former Member
Jul 29, 2016 at 03:50 PM

Office 365 interferes with Windows 10 Enrollment


We're a company with approximately 75,000 devices, 30,000 devices on Afaria. All enrolled devices are Android and iOS based. We're trying to provide a similar option for Windows Phone 10. Because of the constant changes in Windows 10, we haven't put much effort into it until now.

I tried following the instructions here: Enrollment process of Windows Phone 10 device with using the Afaria Self Service Portal - SAP Mobility - SCN Wiki

However, because we have an Office 365 / Azure AD environment, the following happens:

I get to step 10 and enter my email address. The device then takes me to our company's SSO page to log in. I log in via SSO, and the device enrolls into Azure AD for Office 365. The enrollment URL is never asked for, and Afaria is never touched.

As a workaround, I try entering an incorrect email address at step 10. The device then prompts me with the same as the screenshot in Step 11. I'm thinking "progress"... However, when I enter my correct email address and the enrollment URL copied from SSP, the device does the autodiscover lookup on the email address, ignores the enrollment URL, and again takes me to the SSO page where the device enrolls into Azure AD for Office 365. The enrollment URL is never used, and Afaria is never touched.

Next, I try to do the same as before, but use the incorrect email address with the enrollment URL. The device then seems to progress forward with enrollment, showing the message "please wait while we register this PC..." It then stops abruptly with error 0x80090015, "NTE_BAD_PUBLIC_KEY - Provider's public key is invalid."

After that last error, the active enrollment within SSP is no longer there, meaning the device did talk with Afaria. However, there is no device listed under My Devices, and the device still failed to enroll.

I bring this all up for two reasons:

1) So the Wiki page for Windows 10 enrollment process listed above can be updated to include the Azure AD/Office 365 scenario.

2) To find a solution for my problem. I have no problem with directing users to use an incorrect email address if that gets us through the process. Is the "provider's public key is invalid" error related to inputting the incorrect email address, or is it something bigger within my Afaria environment that I need to deal with?