Intune Auto Enrollment with Windows Group Policy

  • Published: Aug 7, 2024
  • Windows 10 and Windows 11 clients must enroll into Intune before they are managed by Intune. We can use Group Policy Objects in Windows AD to automatically enroll our Windows clients into Intune. This video goes over how to configure a Windows AD domain for auto enrollment. We start with the requirements and then move on to a demo that walks through configuring the Azure AD tenant and Windows AD domain for Intune Auto Enrollment.
    00:00 - Start
    03:14 - Create an MDM User Group
    04:14 - Enable MDM support in Azure AD
    05:21 - Create an MDM Device Group
    05:58 - Create the MDM Group Policy
    08:13 - Verify Auto Enrollment
    Links
    Windows 10 and Windows 11 Administrative Templates
    learn.microsoft.com/en-us/win...
    Windows 11 admin templates are not backwards compatible with Windows 10
    4sysops.com/archives/keep-adm...

Comments • 25

  • @Doctair 1 month ago +1

    Thanks for this great video. You mention you need Windows 10 or 11 specific ADMX templates but it's no longer the case. Per Microsoft, as of 21/07/23, you can now use the new Windows 11 ADMX files (download from Microsoft Download Center) to maintain Windows 11 and Windows 10 clients. Hope that helps others troubleshooting the GPO deployment.

  • @papajohnscookie 1 month ago +2

    Great walkthrough, thank you very much

  • @professor3095 3 months ago +1

    That's the video I am looking for. Thank you very much!

  • @mikefarhat6461 10 months ago +2

    You are awesome, if you can make a vlog enrolling already enrolled AAD devices to Intune. Thanks

  • @user-it4pg5ox1q 9 months ago

    Thank you so much :)

    • @Ciraltos 8 months ago

      You're welcome!

  • @tbits01 1 year ago +2

    This guy is awesome!!! Thanks Travis!!! Does Azure AD Connect need to be configured for Hybrid Domain Join for AD domain joined devices? This is a great demo!!!

    • @Ciraltos 1 year ago +1

      Yes, Azure AD Connect sync has to sync the devices to Azure AD.

  • @AvatarWil1 1 year ago

    This is so helpful. I'm sure in my hybrid environment the way it enrolls via GPO is nearly the same. As a learning and relatively new admin for M365: If we use conditional access to have everyone require MFA and be hybrid joined to be able to login and use cloud apps, and if we have a machine that has fallen off from Intune (max 270 days?), is there a way to bypass MFA requirement to re-enroll/re-register the device? Not sure if that's even a valid question or I'm getting confused. I also want to know if the MDM certificate in Certificate Manager even factors into the above question at all either.

  • @agyergorcs2498 7 months ago +1

    As I know in a Hybrid environment with GPO enrollment the MDM user scope is not relevant. The MDM user scope typically comes into play when you are using a pure MDM solution for device management. In this case I would only add admins to the MDM user scope so that users can't add devices as a corporate device and all regular users to the MAM user scope. Correct me if it's wrong.

  • @adamtyler4483 11 months ago +6

    Hi Travis, I think you wanted to remove the "Authenticated Users" group from the GPO security filtering list? After adding the group "MDMDevices".

    • @RP-fv7bd 9 months ago +1

      I thought so as well. Or maybe just remove the ability for Auth Users to 'Apply Group Policy'...... Or just link to a lower OU instead of the whole domain if unsure.

    • @James-sc1lz 6 months ago

      Agreed, otherwise it applies to all.

    • @cjmorley 5 months ago

      I wondered this too! Can the author please clarify?

    • @swill369 2 months ago

      Noticed this too and went looking to see if someone had commented already. Authenticated Users includes all AD objects that authenticate against the domain, so leaving that in security filtering and linking the GPO to the root of the domain will apply the policy to all Computer Objects in the domain.
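
The security-filtering change discussed in the thread above, as an added PowerShell example (not from the video or its commenters): it lists which trustees can apply the enrollment GPO, drops Authenticated Users to read-only, and grants Apply to the MDMDevices group named in the comments. The GPO name is a placeholder, and the GroupPolicy module (RSAT) is assumed to be installed.

```powershell
# Added example. $GpoName is a placeholder for the MDM enrollment GPO;
# 'MDMDevices' is the device group mentioned in the comment thread.
Import-Module GroupPolicy

$GpoName     = '<MDM-enrollment-GPO-name>'   # placeholder, replace with your GPO
$DeviceGroup = 'MDMDevices'

# Return every trustee that currently holds "Apply group policy" on the GPO.
function Get-GpoApplyTrustee {
    param([Parameter(Mandatory)][string]$Name)
    Get-GPPermission -Name $Name -All |
        Where-Object { $_.Permission -eq 'GpoApply' } |
        Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } },
                      @{ n = 'Type';    e = { $_.Trustee.SidType } },
                      Permission
}

# Before: if 'Authenticated Users' is listed, a domain-root link applies
# the policy to every computer object in the domain.
Get-GpoApplyTrustee -Name $GpoName | Format-Table -AutoSize

# Downgrade Authenticated Users from Apply to Read. -Replace overwrites the
# existing entry; keeping Read leaves the GPO readable without applying it.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace

# Grant Apply only to the device group that should auto-enroll.
Set-GPPermission -Name $GpoName -TargetName $DeviceGroup `
    -TargetType Group -PermissionLevel GpoApply

# After: flag the GPO if any trustee other than the device group can apply it.
$unexpected = Get-GpoApplyTrustee -Name $GpoName |
    Where-Object { $_.Trustee -ne $DeviceGroup }
if ($unexpected) {
    Write-Warning "Unexpected Apply trustees on '$GpoName':"
    $unexpected | Format-Table -AutoSize
} else {
    Write-Output "Only '$DeviceGroup' can apply '$GpoName'."
}
```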

  • @Catonkey1 6 months ago

    So if the device is domain joined already, the users log in with their AD account. If we enroll the devices into Intune via this method, will this then make them sign into the computers with their Entra ID account/365 account? Or does the computer need to go through the whole Autopilot stuff for that to happen?

  • @DaysofIresh 7 months ago

    Hi Travis,
    I am still not able to log in with an AAD user, as it says the username or password is incorrect.

  • @Peacefornations 5 months ago

    Hello Travis, you do great videos!! I have a question. I have the same configuration as you did, but on some of my computers I don't see the Task under EnterpriseMgmt. And the computers remain hybrid joined and don't get added to Intune... Any suggestions? Thanks 😁

    • @HeathenPrim3 1 month ago

      I'm seeing this as well, any update?

  • @sohandy79 8 months ago

    You mentioned a difference with Win 11 and 10 in relation to GPO and auto enroll for Intune. What do I need to do here, have both OS's in our network?

    • @Ciraltos 8 months ago

      Check the links in the comments. That will point you in the right direction.

    • @sohandy79 8 months ago

      @Ciraltos Sorry Travis, didn't cop the comments, Ta

  • @DanielSzarszewski 1 month ago

    Not working :/

  • @runmadhu2161 4 months ago

    Azure AD is better than Entra ID