anyweb Posted October 18, 2017

Introduction

Devices can be enrolled into Microsoft Intune in many ways. The user can download the Microsoft Company Portal and enroll the device using the wizard contained within that app; this would then mean the device shows up as Personal owned. Or, the admin can use Bulk Enrollment methods such as Apple Device Enrollment Program or Apple Configurator (which requires an Apple Mac to run the program) or, for Windows devices, Windows AutoPilot. Keep in mind that bulk enrollment is generally for new devices and not devices that have already been deployed.

When you join new Windows desktop, mobile, holographic or Surface devices into Azure AD (Azure AD join as part of OOBE, or Windows AutoPilot, or via the options in the operating system) you can avail of a new MDM auto-enrollment capability, which means that not only is the device Azure AD joined, but it will automatically become enrolled in (and managed by) Microsoft Intune. This also means that the device will show up as Corporate owned, and has the distinct advantage of not needing the end user (or admin) to download and use the Company Portal to enroll the device.

To set up MDM auto-enrollment in Azure is fairly easy, and here's how to do it. You do need to have both an Azure Active Directory Premium subscription and a Microsoft Intune tenant configured before doing this.

Step 1. Log in to Azure

As a user with administrative permissions in Azure Active Directory, log in to https://portal.azure.com and select the Azure Active Directory service highlighted here with the red arrow.

Step 2. Configure MDM auto-enrollment

Click on Mobility (MDM and MAM) and then select Microsoft Intune from the applications listed. The Configure Microsoft Intune blade opens. Notice the following text (shown by clicking on the information 'i' beside MDM User scope), which explains the capabilities:
"Use MDM auto-enrollment to manage enterprise data on your employees' Windows devices. MDM auto-enrollment will be configured for AAD joined devices and bring your own device scenarios."

Click on Restore default MDM URLs and then select Some (to select one or more user groups you want to enable for MDM auto-enrollment), or All to apply to all users. In this example you will add a User Group (previously created, containing one or more Windows device users), so select Some, and then click on Select Groups to select the User groups you want this MDM auto-enrollment capability to apply to. When you are done with your selection, click on Select. Next click on Save to save your changes. You'll be notified in the top right corner of the success or failure of this action.

That's it, job done. Now go and Azure AD join a Windows device, using a user that is a member of the group you specified above. After joining Azure AD, it will also become MDM auto-enrolled by Microsoft Intune. You can verify this by going into the Microsoft Intune service in Azure and selecting Devices, then All Devices; the device you just joined into Azure AD will now also be MDM Managed by Microsoft Intune (due to MDM auto-enrollment) and listed as a Corporate owned device. And on the device itself you can verify in All Settings, Accounts, Access work or school, and click on the username.

For more info about this read https://docs.microsoft.com/en-us/intune/windows-enroll#enable-windows-10-automatic-enrollment
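The post above ends with a click-through verification on the device (Settings, Accounts, Access work or school). The script below is an added example, not part of the original post, that does the same check from an elevated PowerShell prompt on the joined Windows device and tells you which half failed when the device is Azure AD joined but never became Intune managed (typically because the joining user is not in the MDM user scope group). It assumes only that the tenant kept the defaults written by "Restore default MDM URLs"; the Intune discovery URL constant is that default, everything else is read from the device.

```powershell
# Added example (not from the original post): confirm on a Windows 10 device that
# the Azure AD join also produced an Intune MDM auto-enrollment.
# Run in an elevated PowerShell prompt on the device after the Azure AD join.

# Default MDM discovery URL that "Restore default MDM URLs" sets in the Azure portal
# (assumption: the tenant has not customised the MDM URLs).
$ExpectedDiscoveryUrl = 'https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc'

function Get-DsRegStatus {
    # Parse the "Key : Value" lines of "dsregcmd /status" into a hashtable.
    # Multi-word keys (e.g. "Device Name") are not needed here and are skipped.
    $status = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*([A-Za-z0-9_]+)\s*:\s*(.*?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

function Get-IntuneEnrollments {
    # Every MDM enrollment on the device is a GUID-named subkey of
    # HKLM\SOFTWARE\Microsoft\Enrollments. Intune identifies itself with
    # ProviderID "MS DM Server"; non-GUID subkeys under this path are bookkeeping
    # keys, not enrollments, so they are filtered out.
    $root = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
    Get-ChildItem -Path $root -ErrorAction Stop |
        Where-Object { $_.PSChildName -match '^[0-9A-Fa-f-]{36}$' } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            if ($p.ProviderID -eq 'MS DM Server') {
                [pscustomobject]@{
                    EnrollmentId    = $_.PSChildName
                    UPN             = $p.UPN
                    EnrollmentState = $p.EnrollmentState
                    EnrollmentType  = $p.EnrollmentType
                    DiscoveryUrl    = $p.DiscoveryServiceFullURL
                }
            }
        }
}

$ds = Get-DsRegStatus
Write-Host ("AzureAdJoined : {0}" -f $ds['AzureAdJoined'])
Write-Host ("TenantName    : {0}" -f $ds['TenantName'])
Write-Host ("MdmUrl        : {0}" -f $ds['MdmUrl'])

$enrollments = @(Get-IntuneEnrollments)

if ($ds['AzureAdJoined'] -ne 'YES') {
    # Step 1 of the process never happened; auto-enrollment cannot have fired.
    Write-Warning 'Device is not Azure AD joined, so MDM auto-enrollment could not run.'
}
elseif ($enrollments.Count -eq 0) {
    # Joined, but no Intune enrollment: the join user is probably outside the
    # MDM user scope group, or the MDM URLs were never saved in the portal.
    Write-Warning 'Azure AD joined, but no Intune (MS DM Server) enrollment found on this device.'
    Write-Warning 'Check the MDM user scope group membership of the joining user and the saved MDM URLs.'
}
else {
    $enrollments | Format-Table -AutoSize
    foreach ($e in $enrollments) {
        if ($e.DiscoveryUrl -ne $ExpectedDiscoveryUrl) {
            # An enrollment pointing somewhere other than the Intune default is
            # worth a second look: either the tenant customised the URLs or the
            # device was enrolled against a different MDM.
            Write-Warning ("Enrollment {0} uses discovery URL {1}, not the Intune default." -f `
                $e.EnrollmentId, $e.DiscoveryUrl)
        }
    }
}
```

The dsregcmd output and the Enrollments registry key are the two places the device itself records the result, so this is a more reliable check than the Settings page: a device can show the work account under Access work or school while still having no MDM enrollment. The MdmUrl line from dsregcmd tells you whether the tenant handed out an MDM URL for this user at join time; the Enrollments key tells you whether the enrollment against it actually completed.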
petergroft Posted March 31, 2023

You can enable MDM auto-enrollment for Microsoft Intune in Azure by following these steps:

1. Sign in to the Azure portal with an account that has the necessary permissions to manage Intune.
2. Navigate to Intune by searching for it in the search bar at the top of the Azure portal.
3. In the Intune pane, select "Device enrollment" from the menu on the left.
4. Click on "Windows enrollment" and then select "Automatic enrollment".
5. In the Automatic enrollment blade, select "Intune MDM user scope" from the options at the top of the page.
6. Choose the user groups that you want to enable auto-enrollment for by selecting them from the list of available groups.
7. Under the "Device enrollment type" section, select "Managed devices" if you want to allow users to enroll their personal devices, or select "Corporate-owned devices" if you want to restrict enrollment to company-owned devices only.
8. Under the "Credentials" section, choose the type of credentials that will be used for auto-enrollment. You can choose from Azure AD, Microsoft accounts, or Google accounts.
9. Save your changes by clicking on the "Save" button at the top of the blade.

Once you have completed these steps, MDM auto-enrollment will be enabled for the selected user groups, and their devices will automatically enroll in Intune MDM when they sign in with their Azure AD credentials. You can monitor the enrollment status of devices in the Intune portal under "Devices > All devices".

Greetings, Peter