Hey there! I wanted to share a quick piece about a frustrating issue I encountered while doing Intune Android Enrollment, specifically the Corporate Owned with work profile ones. It took me some time to figure out, so I’m hoping this helps anyone else facing a similar roadblock.

So, during the enrollment process, after getting all the apps installed, I hit a wall at the “Your work checklist” page. Clicking on “Set up” for device registration my device was stuck in a loop. Even trying to go back using the arrow seemed pointless.

I did find a little workaround using the three dots in the corner, but it only offered useless info or showed the installed apps. Frustrating, right? If you’re dealing with this, know you’re not alone! You will probably already know that at the Google Account sign in screen you need to enter afw#setup (the DPC Identifier method) in the email box to have your device enrolled as a Corporate-Owned with Work Profile device:

I would have liked a solution to mirror the Android device screen to my PC straight from the initial setup but I did not find a tool that could do that. If someone from the community knows or have such a tool please share. 🙂

The Problem with Intune Android Enrollment

As stated in this Microsoft article the afw#setup enrollment method is supported on devices running Android versions 8.0 or later. It’s not supported with Android 11.0+. See this link for more information from the Google developper docs. Here you can find that the DPC identifier method (afw#setup) is not supported.

More info on the DPC Identifier method is found here.

So now back to our device.I will perform al the steps here to show you exactly what happens on the device.

If we enter the afw#setup at the Google account screen and tap next all seems to go fine.

As you can see from the screenshots, all is normal and this is also what you would expect.

Now for the device policy, tap while using the app and scan to token created for the profile from intune. You can also enter the token number if you are not able to scan it. After you scan or entered the token number still all looks fine. Tap Agree and tap next.

Tap Accept & Continue. When presented with Sign in screen, sign in with your credentials and tap next.

Approve any MFA requests if you have set these up. your device will start Registering the profile. Again all still looks good. Tap install at the Your work checklist.

After some time your work apps will be installed. Tap Done. On the next screen tap Register your device and on the the blue screen tap sign in, now the bad stuff is about to happen!

On the Set Up **** screen tap next. Notice the message: Registration is taking longer than expected. Hang on while we keep trying. After a few seconds you will see a pop-up message appearing, again saying that the registration is taking longer. You can tap ok and retry at the bottom to try again but your device will remain in a loop.

Ok that was that, you now know that there is a possibility to do it with another method to get your device enrolled so you might think that the easiest way to get started with the correct method is to restart the device. Unfortunately we could not be more wrong. If you restart the device it will restart at the point where you tapped install at the Your work checklist.

Now what to do…? Let’s dive into the solution.

The Solution

The 1st thing you need to do is getting your Android device into the bootloader. On hardreset.info you can find a lot of info about a lot of devices to get then into the bootloader. This is how to do this for my Galaxy A33:

• Connect your phone to the computer by the Type C cable (don’t use a charger, connect to your PC, otherwise it will not work!)
• Press Power key + Volume Down till the screen goes black
• Press Volume Up and Power button at the same time
• Let go of all buttons when the SAMSUNG logo appears and wait till the Recovery mode menu pops up.

In the bootloader scroll down with the volume button to Wipe data/factory reset and press the power button to confirm.

When the wipe is complete you will get a message at the bottom of the screen.

Now choose Reboot system now with the volume button and confirm with the power button to reboot the device.

Now that your device has rebooted tap the first screen you see repeatedly to launch the QR reader ( I always tap 10 times), then select your language. Again, this can differ on your device. If you have a SIM card inserted first put in your PIN. After you scan the code you will be presented to connect to WIFI, if you have a data plan on your SIM you will probably will not have this option. I don’t have a data plan on my SIM so I need to connect to WIFI 1st.

Scan the QR code, connect to WIFI and tap next at the This device belongs to your organization.

Now you device is getting ready for work setup, tap agree on the set up a work profile screen and watch your device being set up. Tap next at the Your IT admin can control this device & block certain apps.

Your device will now update, tap accept & continue on the Welcome to Chrome screen.

Sign in with your credentials, approve any MFA requests if you have set these up. your device will start Registering the profile. Tap install at the Your work checklist.

Watch your work apps being installed and tap done when ready, on the next screen tap Register your device and on the the blue screen tap sign in.

Now tap next, choose a device category (if you have set this up) and tap OK, then tap Done

Tap next, I’m skipping the personal account setup for this blog but you can sign in if you want. Choose what Google services you want.

Set up the protection of your device by choosing a pin, password or a pattern, I will choose a 6 digit pin code. Review the additional apps, I have deselected them all, tap OK. Agree to the license agreement. Tap later on the Discover and install great apps screen and last tap Finish at the All Done screen.

Now you will be presented by your work profile on your device and your device is enrolled in Intune as a Corporate-Owned with work profile.

Intune view:

I hope this blog will help you with enrolling your devices and save you some time.