How to enroll windows devices to Intune - multiple methods
HTML-код
- Опубликовано: 12 ноя 2022
- In this video, we'll show you three different ways to enroll Windows devices to Intune - using the Intune Admin Portal, the Intune console, and MDM. We'll cover the different requirements and benefits of each method, and help you choose the best way to enroll your devices.
Whether you're new to Intune or you're already using it to manage your devices, this video is a great resource for enrolling Windows devices to Intune. We'll show you how to enroll devices using the Intune Admin Portal, the Intune console, and MDM, and help you choose the best method for you. Thanks for watching!
How to enroll windows devices to Intune - multiple methods
This topic covers:
1. Why Enroll devices to Intune, what is Intune enrollment.
2. Prerequisites for Enrolling devices to Intune.
3. Various methods to use for enrolling the device.
Intune Enrollment requires
Personally owned and corporate-owned devices can be enrolled to Intune. There are two ways to enroll the devices:
1. User Driven: Users have to perform the enrollment on their own.
2. Automatic Enrollment: This includes admin side settings which requires configuring policies which will force device for automatic enrollment. User’s won’t have to perform any kind of task here.
User Driven Enrollment
This is the method where enrollment is driven by the user. This can be done through either of the following ways:
Using Company Portal
Access work or school account
MDM only enrollment
Autopilot
Device Enrollment Manager (DEM)
Automatic Enrollment
We can also say it Administrator-based enrollment as it is not user driven. Once the configuration settings are done, devices can be enrolled automatically as there is no user interaction required. This is required for Hybrid Azure AD joined devices.
Hybrid Azure AD join = Domain Join + Azure AD Join
a. Automatic enrollment via Group Policy
Group Policy : Automatic enrollment can be done via Group policy setting Computer Configuration - Policies - Administrative Templates - Windows Components - MDM. Setting name is Enable automatic MDM enrollment using default Azure AD credentials, set it to:
Select Credential Type to use: User Credential
b. Automatic enrollment using SCCM Co-management feature (Configure Cloud Attach)
SCCM co-management feature allows to specify workload which can be used to define what functionality is going to be handled by which authority.
c. Bulk Enroll
Follow me on:
Blog Website: manishbangia.com/blog
Linkedin: / manishbangia
Twitter: / manish_bangia
Facebook group: / 183183326326502
Email: manishbangiacommunity@gmail.com 
Наука
Am slowly migrating from SCCM to intune ... beginner to intune , your video gave great confident to onboard myself to Intune. Appriciate your time for this informative session. Looking for more such videos..all the best.. Thank you.
Glad it was helpful!
Sir you explain very well. After your video, all doubts are pretty much cleared.
Thanks and welcome
Detailed explanation, thank you for your efforts....kindly make a video on how to combat threats, and malware and set the schedule on M365 Defender Portal, I have onboarded the machines using GPO to Defender but still couldn't figure out how to manage it. Appreciate.
Thanks for all your efforts. nice video. Can we have more videos on Intune. Real time troubleshooting in Intune.
Thanks for the great videos, really informative appreciate your efforts. Looking forward for upcoming videos on intune.
Thanks Varun
Excellent,cool explanation.
Looking for videos on others topics in Intunes😊
Thank you
Thanks Manish wonderful video, please do regular videos.
I will try my best
Thank you!
You're welcome!
Really very helpful
Great informational video
Thanks Jaspreet
Excellent..Thanks
Glad you liked it!
In case of Hybrid Azure AD join, If we enable MDM auto enrolment, Doesn't it take care of enrolling the device to Intune? In this video, you soke about GPO to do this. I am beginner in this area, so curious to know things.
MDM auto enrolment will work only for cloud only PC while for on-premises environment it will not work by just implementing this setting. The reason is:
For Enrollment process there are 2 steps involved:
1. Registering device to Azure (for on-premises devices - Azure AD connect is responsible)
2. Enrolling the device (using group policy enrollment setting or SCCM co-management)
This method is fully automated (for on-premises) and users cannot enroll manually.
hello sir, do i need Azure AD P1 as requirement for Automatic enrollment via Group Policy ?
Yes, for automatic enrollment P1 or P2 license is must.
Great Video, How do I do the Administrator enrollment in a Cloud Only environment (No SCCM/No Co-Management)?
If it is cloud only (no Domain involved), then you have to manually enroll the device by going to "access work or school account" , installing and logging onto conpany Portal app will also enroll the device.
Note: keep in mind, all pre-requisites such as intune license and internet connectivity etc will still apply.
Amazing Channel, keep it up with the good work!
What is the best way to enroll machines to Intune that are already enrolled in AD but not configured in Intune. We just have Azure AD with all the machines in. Now we want to activate Intune on every machine. New machines are not a problem it´s the existing ones.
You need to have Azure AD Connect installed on Windows Server which will act like a bridge to sync your on-premises identities to cloud. This scenario is called Hybrid Azure AD Join (Domain Join + Azure AD Join). Then you can have group policy setup for setting name MDM enrollment which is responsible for enrolling the device.
To be precise, 2 things are required for on-premises devices:
1. Hybrid Azure AD Join: Using Azure AD Connector
2. Intune Enrollment: Via Group policy
I hope this clarifies
Sir, i followed your steps for enrolling with GPO , but I can't see the devices on intune till now
Are devices able to do Microsoft entra hybrid join? Have you configured Microsoft Entra connector which is responsible for hybrid join of device. Once hybrid join happens, then only Intune enrollment comes into picture.
Is it possible to add a device that is already connected to Azure AD to enroll to Intune without using company portal
Yes, If you enable MDM user scope for the user, enrollment will happen automatically for Azure ad joined devices
@@ManishBangia thanks for the reply , I have enabled MDM and the scope. selected some , created a security group , added the user the group, when the user logs back on the devices doesn’t get added to Intune , tried 3 devices with two different user , both have 365 premium licenses, not sure where I am going wrong
I thought AutoPilot should be a part of automatic enrollment method ?
I'm talking AutoPlit on Microsoft Endpoint Manager admin portal
User intervention is still required even though configurations are set at the backend. After providing credentials, then only device gets enrolled.
The only realistic way is either SCCM and GPO, other methods are manual and require a lot of time
Also Autopilot does a pretty good job 🙂
Agree. Apart from GPO and SCCM, I will add autopilot in the list as one of the most important enrollment method.
Please make in Urdu, Hindi.. Why English????