Intune assignment issue – Enumeration not permitted. Type an exact name or email address.

Issues, Troubleshooting Leave a comment

Content

  1. Assignment Issue
  2. Workaround
  3. Microsoft support

Updated 2019-07-22 with offical workaround Microsoft, see section below.

Assignment Issue

Last week I came across a weird issue in Intune while working with a customer when it came to assigning apps
and policies. When selecting group I was not able to search and find any groups.

All that showed up was an error message in the portal saying “Enumeration not permitted. Type an exact name or email address” However just a couple days before that I didn’t have any issues.

When I asked the client to logon with their user it worked just fine for them and I didn’t have the time to troubleshoot it.

Fast foward a few days and a post on reddit/r/Intune came up asking if anyone else have seen this and I started looking
in to this I asked in the thread if the OP used a guest account in the tentant they had experienced issues with and the reason for that was that the account I used where I saw the problem was a guest account. And correct they used a guest account just like I did.

Workaround

The current workaround is to not use a guest account. I have confirmed that with using a normal AAD account (Member).

Here’s an example from Azure Active directory in my test tenant where I have 2 accounts. The first one is a normal member account in AAD and that works just fine. The second account is a Guest account which has been invited through AAD to have access to this tenant.
And as mentioned before, if you use the Guest account even if that account has the same permissions and a Member account you will have issues assigning policies or apps in Intune.

Offical workaround from Microsoft

https://support.microsoft.com/en-us/help/4229970/can-t-see-list-of-users-or-groups-when-adding-permissions-in-iam-azure

Microsoft support

I created a support request to Microsoft and they got back to me that they were aware of the issue and confirmed that the workaround was to use a normal AAD account until its fixed. The support technician I talked to had no ETA on when it will be fixed.

That’s all for now and until next time, cheers !

Don’t forget to follow me on twitter

[twitter-follow screen_name=’Timmyitdotcom’]

And you can also find me blogging over at http://blog.ctglobalservices.com/

Leave a Reply