In this post, I will show you how to fix the CNAME validation error in Intune. In the Intune Portal, when you perform a CNAME validation, you may encounter the following error: “CNAME for domain is not configured or configured incorrectly.”
If you read the error, it clearly states that the CNAME entries are not configured or incorrectly configured. By setting up a CNAME on your DNS server, your users won’t have to type in the address of the MDM server when enrolling their Windows devices.
The CNAME configuration required for Windows devices to automatically discover the MDM server for mobile device management (MDM). If you have iOS or Android devices for enrollment, they don’t have to worry about auto-discovery or manual enrollment; as long as the Company Portal is installed, it knows how to find the right server to get the device enrolled.
To simplify enrollment, you must create a domain name server (DNS) alias (CNAME record type) that redirects enrollment requests to Intune servers. If there is no enrollment CNAME record, users will be asked to type in enrollment.manage.microsoft.com, which is the name of the MDM server.
Perform CNAME Validation Test in Intune Admin Portal
It is important that the CNAME validation works properly for your Intune tenant. If you want to manually perform a CNAME validation test in Intune for your domain, here is how you can do it:
- Sign-in to Microsoft Endpoint Manager admin center.
- Navigate to Devices > Device Enrollment > Enroll Devices.
- Under the General options, select CNAME Validation.
- In the CNAME Validation box, enter the domain and select Test.
- If you see the error “CNAME for domain not configured or configured incorrectly“, follow the next steps.
How to Fix CNAME Validation Error in Intune Portal
When you haven’t set up the necessary CNAME entries on my DNS server, Intune will give you a CNAME validation error. Suppose you get the error message “CNAME for domain not configured or configured incorrectly” when you try to validate CNAME. To resolve this error, all you need to do is add or create the following CNAME entries on your DNS server.
The above CNAME configuration is needed for mobile device management (MDM) on Windows devices so that they can find the MDM server on their own. I will add two missing CNAME entries for the domain prajwal.org to my DNS server. The entries would look like this.
|DNS Record Type||Hostname||Redirects or Points To||TTL|
To configure auto-discovery of the enrollment server, there has to be a CNAME record to point to the enrollment server. Type Host name Points to TTL.
Some hosting providers require you to specify TTL values which would be 1 hour in this case. Let’s add the first CNAME resource record which points EnterpriseEnrollment.yourdomain.com to EnterpriseEnrollment-s.manage.microsoft.com.
Now let’s add the second CNAME resource record, which points EnterpriseRegistration.yourdomain.com to EnterpriseRegistration.windows.net.
Note: Changes to DNS records might take up to 72 hours to propagate. Hence, wait until the DNS records propagate completely. You can use the online DNS propagation tools to keep track of how DNS replication is going.
After setting up the CNAME resource records in your DNS, log in to the Intune admin center. To ensure that it has been configured properly, choose CNAME Validation, enter the domain, and click the Test button. If you see that the CNAME of the domain is configured correctly, it means you have resolved the CNAME validation error in Intune.