RobbieJ Posted April 14, 2021

Hey there, having some issues with MDM and Intune/device management within our Surface Hubs deployment. Initially we tried to make auto enrollment work for devices that appeared in Azure AD that then appeared within a dynamic group because of their OS type or the device name. After reading TechNet it's apparent that it's user based, so we reworked the solution. Still having issues:

- A dynamic user group has been created that automatically adds room and room mailbox/Teams accounts into an Azure AD security group, based on an attribute on the object ID at time of creation
- The above group is getting populated by new Surface Hub accounts a few minutes after I run our provisioning script to create our Surface Hub device accounts
- All Surface Hubs are joined to Azure AD using a global admin Azure AD account
- Surface Hub is signed in to the room/mailbox account
- Teams and other functions work
- MDM will not register the device or show online/present.

Are we missing something here?

Thanks
Robbie
RobbieJ Posted April 19, 2021

Pretty quiet round here then
anyweb Posted April 20, 2021

I'd like to help but I don't have a Surface Hub lying around, I'll ask someone who does...
anyweb Posted April 20, 2021

I checked with a Hub user and this was his response:

1) autoenrollment is not enrolling into Intune, only Azure AD
2) all policy and apps need to be assigned to a device group, as there is no "concept" of a user on the device
RobbieJ Posted April 20, 2021

1 hour ago, anyweb said:

> I checked with a Hub user and this was his response:
>
> 1) autoenrollment is not enrolling into Intune, only Azure AD
> 2) all policy and apps need to be assigned to a device group, as there is no "concept" of a user on the device

Great, thanks Anyweb.

So in my use case I could create an Azure Dynamic Device group (A) that is selected in the auto enrolment options within Device Management. So when a new Surface Hub is joined to Azure AD it is added to the group automatically and also auto enrolled into MDM/Intune because that group is specified in the auto enrolment settings.

Hope that makes sense.

Thanks
anyweb Posted April 20, 2021

That makes sense, give it a go and report back with your success or lack of