Azure woes

Sometimes Intune goes brrrr and laptops go out of sync with Azure. Enrollments fail and your device is in a state where no one really knows what's going anymore. Had a lengthy support call with Windows a few years ago about this. Nothing really came out of it. Until a friendly csand appeared out of nowhere in our support thread on github (can't seem to find the link anymore). But the gist of it was, just delete some registry entries and the device will start the enrollment process again.

I've used this method to resolve co-management failures or duplicate device entries before, and now apparently for compliance mismatches as well. The device was compliant in Intune, compliant in Azure. But for some strange reason, not compliant when checking for MFA requirements. Deleted registry keys, re-enrolled, everything okay. 🤷‍♂️

Open regedit as admin on the affected laptop.
HKLM\SOFTWARE\MICROSOFT\enrollments
Make sure its enrollmentS and not enrollment, as both of those exist.
Delete as many GUID looking keys in there as possible. Some you can't delete so you can leave them. Backup the keys first if you are so inclined.