Forum Discussion

MTSBob's avatar
MTSBob
Steel Contributor
Oct 05, 2018
Solved

Intune auto MDM enrollment for devices already Azure AD joined?

I have a client whose fleet of Windows 10 PC's are already joined to their organizational AAD (company-ownership), without any MDM, but now would like to start using Intune. They've upgraded their lic...
Intune
Mobile Device Management (MDM)
Deleted's avatar
Deleted
Dec 28, 2018

I have similiar case here. We have around 40 laptop users using O365 and devices are connected to Azure AD. Now I want to deploy M365 and Intune for them. I have upgraded users subscription to M365 and Windows version has been upgraded automatically to Windows 10 business as should. Computers won't pop-up automatically to Intune… I have read that I should cut the current connection to Azure AD from each Workstation and re-join devices again manually to Azure AD. I have tested this and computers will pop-up in Intune. This will do the trick, but isn't there a simpler way?

    • WalterPrem's avatar
      WalterPrem
      Brass Contributor
      Jun 14, 2019

      nick aquino 

       

      Bulk enrollment requires you to send a .ppkg manually to each device that is already enrolled. Not really an option.

  • bbhorrigan's avatar
    bbhorrigan
    Brass Contributor
    Dec 28, 2018
    At scale this would be so painful to do, I wonder if MS is working on this. I've had the same thoughts.
    • ThinkSync's avatar
      ThinkSync
      Brass Contributor
      Dec 28, 2018

      Hi Guys,

       

      Haven't had a chance to try this out in my lab, but it looks like enrolment can be triggered with Group Policy "starting Windows 10, version 1709 you can use a Group Policy to trigger auto-enrolment to MDM for Active Directory (AD) domain joined devices."

       

      "When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. "

       

      https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

       

      Hope this helps!

       

      • José Luiz Schenardie's avatar
        José Luiz Schenardie
        Brass Contributor
        Dec 28, 2018
        The devices are already and only azure ad joined. As mentioned the solution seems to be leave azure ad and re-join, what is really impracticable for large deployments

Resources