Fix CNAME Validation Error in Intune Portal (MEM admin center)

In the MEM admin center (Intune Portal), when you perform a CNAME validation, you might see the following error. CNAME for domain is not configured or configured incorrectly.

You don’t need to worry as the fix for this error is very simple.

Configuring a CNAME in your DNS server saves your users from having to enter the address of the MDM server while enrolling their Windows devices.

To simplify enrollment, you must create a domain name server (DNS) alias (CNAME record type) that redirects enrollment requests to Intune servers.

If no enrollment CNAME record is found, users will be prompted to manually enter the MDM server name, enrollment.manage.microsoft.com.

CNAME Validation Test

If you want to perform a CNAME validation test for your domain, here is how you do it.

  • First of all login to Microsoft Endpoint Manager admin center.
  • In the left pane click Dashboard. Now in the right pane, click Device Enrollment.
  • Under the General, click CNAME Validation.
  • You will see CNAME Validation box on right hand side of the screen.
  • Enter your domain and click Test.
  • If you see CNAME for domain not configured or configured incorrectly, follow the next steps.
CNAME for domain is not configured or configured incorrectly
CNAME for domain is not configured or configured incorrectly

How to Fix Intune CNAME Validation Error

So let’s say you see this error during the CNAME Validation “CNAME for domain not configured or configured incorrectly”.

All you need to do is add or create the below CNAME entries on your DNS server.

  • You must create a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com
  • And a second CNAME that redirects to enterpriseenrollment-s.manage.microsoft.com.

For example, I will be creating two CNAME entries on my DNS server for the domain prajwal.org. The entries would look like this.

Type Hostname Redirects or Points to
CNAME EnterpriseEnrollment.prajwal.org EnterpriseEnrollment-s.manage.microsoft.com
CNAME EnterpriseRegistration.prajwal.org EnterpriseRegistration.windows.net

Some hosting providers require you to specify TTL values which would be 1 hour in this case.

Let’s add the first CNAME resource record which points EnterpriseEnrollment.yourdomain.com to EnterpriseEnrollment-s.manage.microsoft.com

Fix Intune CNAME Validation Error

Now let’s add the second CNAME resource record which points EnterpriseRegistration.yourdomain.com to EnterpriseRegistration.windows.net.

Fix Intune CNAME Validation ErrorNote – Changes to DNS records might take up to 72 hours to propagate. Hence wait until the DNS records propagate.

Finally after configuring the CNAME resource records in your DNS, login to Microsoft Endpoint Manager admin center. Enter the domain here to confirm that it has been configured correctly.

Fix Intune CNAME Validation Error

Related Posts
guest
0 Comments
Inline Feedbacks
View all comments

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More