Forum Discussion
Solved
Intune auto MDM enrollment for devices already Azure AD joined?
I have a client whose fleet of Windows 10 PC's are already joined to their organizational AAD (company-ownership), without any MDM, but now would like to start using Intune. They've upgraded their lic...
Hi Bob,
auto-enrollment is not supported when not used with OOBE and AADJ. But you could use an approach to guide users to MDM enrollment by sending out deep links via email for example. See here:
best,
Oliver
At scale this would be so painful to do, I wonder if MS is working on this. I've had the same thoughts.
Hi Guys,
Haven't had a chance to try this out in my lab, but it looks like enrolment can be triggered with Group Policy "starting Windows 10, version 1709 you can use a Group Policy to trigger auto-enrolment to MDM for Active Directory (AD) domain joined devices."
"When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. "
Hope this helps!
- The devices are already and only azure ad joined. As mentioned the solution seems to be leave azure ad and re-join, what is really impracticable for large deployments
Ok... so to make sure I'm following your scenario :)
You have a large deployment of W10 machines in Workgroups (not joined to on-prem Active Directory), which have been Azure device joined (not Hybrid/ADDJ) and you want trigger Intune auto-enrolment?
- Precisely. The need to trigger auto enroll is because i will be heavily using the intune management extension (which is auto deployed only when auto enroll is used)
