Jump to content


anyweb

How can I enable MDM auto-enrollment for Microsoft Intune in Azure ?

Recommended Posts

Introduction

Devices can be enrolled into Microsoft Intune in many ways, the user can download the Microsoft Company Portal, and enroll the device using the wizard contained within that app, this would then mean the device shows up as Personal owned. Or, the admin can use Bulk Enrollment methods such as Apple Device Enrollment Program or Apple Configurator (which requires an Apple Mac to run the program) or for Windows devices, use Windows AutoPilot. Keep in mind that bulk enrollment is generally for new devices and not devices that have already been deployed.

When you join new Windows desktop, mobile, holographic or Surface devices into Azure AD (Azure AD join as part of OOBE or Windows AutoPilot or via the options in the operating system) you can avail of a new MDM auto-enrollment capability which means that not only is the device Azure AD joined, but it will automatically become enrolled (and managed) by Microsoft Intune. This also means that the device will show up as Corporate owned and has the distinct advantage of not needing the end user (or admin) to have to download and use the Company Portal to enroll the device. To setup MDM auto-enrollment in Azure is fairly easy, and here's how to do it. You do need to have both Azure Active Directory Premium subscription  and a Microsoft Intune tenant configured before doing this.

Step 1. Login to Azure

As a user with administrative permissions in Azure Active Directory, login to https://portal.azure.com and select the Azure Active Directory service highlighted here with the red arrow.

azure ad.png

Step 2. Configure MDM auto-enrollment

Click on Mobility (MDM and MAM) and then select Microsoft Intune from the applications listed.

mobility.png

The Configure Microsoft Intune blade opens. Notice the following text (by clicking on the information 'i' beside MDM User scope, which explains the capabilities.

Use MDM auto-enrollment to manage enterprise data on your employees' Windows devices. MDM auto-enrollment will be configured for AAD joined devices and bring your own device scenarios.

configure mdm auto enrollment.png

Click on Restore default MDM URLs and then select Some (to select one or more user groups you want to enable for MDM auto-enrollment), or All to apply to all users.

In this example you will add a User Group (previously created, containing one or more Windows device users), so select Some, and then click on Select Groups to select the User groups you want this MDM auto-enrollment capability to apply to.

select user group.png

When you are done with your selection, click on Select.

select.png

Next click on Save to save your changes.

save.png

You'll be notified in the top right corner of the success or failure of this action.

successfully updated microsoft intune.png

That's it, job done, now go and Azure AD join a Windows device, using a user that is a member of the group you specified above.

azuread jin.png

After joining Azure AD, it will also become MDM auto-enrolled by Microsoft Intune.

You can verify this by going into Microsoft Intune service in Azure, and selecting Devices then All Devices, the device you just joined into Azure AD will now also be MDM Managed by Microsoft Intune (due to MDM auto-enrollment) and listed as a Corporate owned device.

managed by corporate.png

And on the device itself you can verify in All Settings, Accounts, Access work or school, and click on the username.

managed by windows noob dot com.png

For more info about this read https://docs.microsoft.com/en-us/intune/windows-enroll#enable-windows-10-automatic-enrollment

Share this post


Link to post
Share on other sites

You can enable MDM auto-enrollment for Microsoft Intune in Azure by following these steps:

  1. Sign in to the Azure portal with an account that has the necessary permissions to manage Intune.
  2. Navigate to Intune by searching for it in the search bar at the top of the Azure portal.
  3. In the Intune pane, select "Device enrollment" from the menu on the left.
  4. Click on "Windows enrollment" and then select "Automatic enrollment".
  5. In the Automatic enrollment blade, select "Intune MDM user scope" from the options at the top of the page.
  6. Choose the user groups that you want to enable auto-enrollment for by selecting them from the list of available groups.
  7. Under the "Device enrollment type" section, select "Managed devices" if you want to allow users to enroll their personal devices, or select "Corporate-owned devices" if you want to restrict enrollment to company-owned devices only.
  8. Under the "Credentials" section, choose the type of credentials that will be used for auto-enrollment. You can choose from Azure AD, Microsoft accounts, or Google accounts.
  9. Save your changes by clicking on the "Save" button at the top of the blade.

Once you have completed these steps, MDM auto-enrollment will be enabled for the selected user groups, and their devices will automatically enroll in Intune MDM when they sign in with their Azure AD credentials. You can monitor the enrollment status of devices in the Intune portal under "Devices > All devices".

Greetings,
Peter

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.