Disable the MFA of the user an put it in the policy MFA
Try this one
https://www.thewindowsclub.com/windows-10-devices-cant-sync-with-intune-after-enrollment
If not work, try these steps below
1º Run the following script in powershell as adm
# Set MDM Enrollment URL's $key = 'SYSTEM\CurrentControlSet\Control\CloudDomainJoin\TenantInfo\*' try{ $keyinfo = Get-Item "HKLM:\$key" } catch{ Write-Host "Tenant ID is not found!" exit 1001 } $url = $keyinfo.name $url = $url.Split("\")[-1] $path = "HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\TenantInfo\$url" if(!(Test-Path $path)){ Write-Host "KEY $path not found!" exit 1001 }else{ try{ Get-ItemProperty $path -Name MdmEnrollmentUrl } catch{ Write_Host "MDM Enrollment registry keys not found. Registering now..." New-ItemProperty -LiteralPath $path -Name 'MdmEnrollmentUrl' -Value 'https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc' -PropertyType String -Force -ea SilentlyContinue; New-ItemProperty -LiteralPath $path -Name 'MdmTermsOfUseUrl' -Value 'https://portal.manage.microsoft.com/TermsofUse.aspx' -PropertyType String -Force -ea SilentlyContinue; New-ItemProperty -LiteralPath $path -Name 'MdmComplianceUrl' -Value 'https://portal.manage.microsoft.com/?portalAction=Compliance' -PropertyType String -Force -ea SilentlyContinue; } finally{ # Trigger AutoEnroll with the deviceenroller try{ C:\Windows\system32\deviceenroller.exe /c /AutoEnrollMDM Write-Host "Device is ready for Autopilot enrollment now!" exit 0 } catch{ Write-Host "Something went wrong (C:\Windows\system32\deviceenroller.exe)" exit 1001 } } } exit 0
OR execute this
# Set MDM Enrollment URL's $key = 'SYSTEM\CurrentControlSet\Control\CloudDomainJoin\TenantInfo\*' $keyinfo = Get-Item "HKLM:\$key" $url = $keyinfo.name $url = $url.Split("\")[-1] $path = "HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\TenantInfo\$url" New-ItemProperty -LiteralPath $path -Name 'MdmEnrollmentUrl' -Value 'https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc' -PropertyType String -Force -ea SilentlyContinue; New-ItemProperty -LiteralPath $path -Name 'MdmTermsOfUseUrl' -Value 'https://portal.manage.microsoft.com/TermsofUse.aspx' -PropertyType String -Force -ea SilentlyContinue; New-ItemProperty -LiteralPath $path -Name 'MdmComplianceUrl' -Value 'https://portal.manage.microsoft.com/?portalAction=Compliance' -PropertyType String -Force -ea SilentlyContinue; # Trigger AutoEnroll C:\Windows\system32\deviceenroller.exe /c /AutoEnrollMDM
2º Open the task scheduler as admin
3º Browse the Microsoft > Windows > Workplace Join folders
4º Execute the 3 tasks in this folder
Once you've done that, you'll probably see the option to synchronize in School and Account