Our first attempt at adding the Intune subscription to the Configuration Manager console. First appearance, is that it may be a security issue.
Access is denied to the user when trying to enroll.
In researching this issue, it turns out that the Intune Mobile Device Management Authority was set to Intune. The dialog is misleading.
In the Set MDM Authority, note the important section:
Consider carefully whether you want to manage mobile devices using Intune-only (cloud service only) or System Center Configuration Manager with Intune integration (on-premises in conjunction with cloud service). After you set the mobile device management authority to either of these options, it cannot be changed again. If you’re unsure of your options, see Ways to do enterprise mobility. The Intune service can be used in conjunction with Office 365. You can specify which cloud service manages specific mobile devices in the Office 365 admin center and Intune admin console, respectively.
How to get support for Microsoft Intune
Microsoft can reset the MDM authority, note that it can take between 1 and 5 days. Any existing managed devices should be selectively wiped.
After the MDM authority is reset. (At this point we should be able to add Intune to Configuration Manager)
For reference, before: