Device Enrollment In Intune
- August 17, 2022
- Posted by: Pavithra
- Category: End User Computing
In this article, you will learn about the types of device enrollment available in Microsoft Intune.
In Microsoft Intune, you can enroll devices of different platforms.
But for a wider scope, we will be concentrating on Windows-based enrollment.
Normally, we can enroll a device into Intune using 9 different methods, and Autopilot is the most popular method among organizations that have deployed Intune.
The MDM enrollment methods are listed below:
- Manual Enrollment
- Automatic Enrollment (Azure AD join)
- Group Policy
- Windows Autopilot
- Deep link
- Company Portal
- Provisioning Package
- Device Enrollment Manager
Manual Enrollment
Manual enrollment, or MDM-only enrollment, is the method of enrolling users of a particular workgroup or Azure AD joined PC into Intune.
This method is not recommended for the following reasons:
- It doesn't register the device in Azure AD, so the user might not get access to company resources.
- It prevents the use of some Azure AD features, such as Conditional Access.
Automatic Enrollment (Azure AD Join)
This method joins the device to Azure Active Directory and enables users to sign in to Windows with their Azure AD credentials. Auto-enrollment must be enabled for the device to be enrolled in Intune automatically. The benefit of auto-enrollment is that it is a single-step process for the user. The device will be marked as a corporate-owned device in Intune.
Group Policy
This method can be used on both Azure AD joined devices and Hybrid Azure AD joined devices. The minimum requirement for this method is Windows 10 version 1709 or later.
To enroll an Azure AD device using this process, open the Group Policy editor and navigate to Computer Configuration > Administrative Templates > Windows Components > MDM.
Double-click Enable Automatic MDM Enrollment Using Default Azure AD Credentials, then:
- Select Enable
- Select User Credentials in Credential type.
So, what happens in the backend once you do this?
This policy creates a task in Task Scheduler that tries to auto-enroll the device every 5 minutes.
To view it, open Task Scheduler and navigate to Task Scheduler Library > Microsoft > Windows > EnterpriseMgmt.
A scheduled task named "Schedule created by the enrollment client for automatically enrolling in MDM from AAD" should be present here.
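The same check can be scripted when you need to confirm enrollment state on many clients. The following is an added example, not part of the original article: a read-only PowerShell function that reports the policy values, the scheduled task described above, and the Azure AD join state. The registry path and value names, the event log name, and event IDs 75 (success) and 76 (failure) are assumptions that do not appear in the article; the function name is hypothetical.

```powershell
# Added example (read-only): verify the Group Policy auto-enrollment state on a client.
# Assumed, not from the article: registry path/value names, log name, event IDs 75/76.
function Test-MdmAutoEnrollment {   # hypothetical helper name
    # 1. Values written by "Enable Automatic MDM Enrollment Using Default Azure AD Credentials"
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
    $policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    if (-not $policy) {
        $credType = 'Policy not applied'
    } elseif ($policy.UseAADCredentialType -eq 1) {
        $credType = 'User Credential'
    } elseif ($policy.UseAADCredentialType -eq 2) {
        $credType = 'Device Credential'
    } else {
        $credType = 'Not set'
    }

    # 2. The scheduled task the policy creates under EnterpriseMgmt
    $task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\' -ErrorAction SilentlyContinue |
        Where-Object { $_.TaskName -like '*automatically enrolling in MDM from AAD*' }
    $info = if ($task) { $task | Get-ScheduledTaskInfo }

    # 3. Azure AD join state; without it the enrollment task cannot succeed
    $aadJoined = [bool]((dsregcmd.exe /status) -match 'AzureAdJoined\s*:\s*YES')

    # 4. Most recent auto-enrollment result from the MDM diagnostics log
    $lastEvent = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
        Id      = 75, 76
    } -MaxEvents 1 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        PolicyEnabled   = [bool]($policy -and $policy.AutoEnrollMDM -eq 1)
        CredentialType  = $credType
        TaskPresent     = [bool]$task
        TaskLastRun     = $info.LastRunTime
        TaskLastResult  = $info.LastTaskResult
        AzureAdJoined   = $aadJoined
        LastEnrollEvent = if ($lastEvent) { "$($lastEvent.Id) at $($lastEvent.TimeCreated)" } else { 'None found' }
    }
}

Test-MdmAutoEnrollment | Format-List
```

A device that shows the policy enabled and the task present but never logs a success event is not yet managed by Intune, so compliance-based Conditional Access rules will not treat it as a compliant device.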
Windows Autopilot
This method automates Azure AD join and enrolls new corporate-owned devices into Intune. It simplifies the out-of-box experience and removes the need to apply custom operating system images to the devices.
When admins use Intune to manage Autopilot devices, they can manage policies, profiles, apps, and more after the devices are enrolled.
There are four types of Autopilot deployment:
- Self-Deploying Mode (for kiosks, digital signage, or a shared device).
- User-Driven Mode (for traditional users).
- Windows Autopilot for pre-provisioned deployment enables partners or IT staff to pre-provision a PC running Windows 10 or Windows 11 so that it's fully configured and business-ready.
- Autopilot for existing devices enables you to easily deploy the latest version of Windows to your existing devices.
Co-management
This method lets admins enroll their existing Configuration Manager-managed devices in Intune, so these devices get the dual benefits of Intune and Configuration Manager.
The only limitation is that the device should be active in Configuration Manager when the enrollment happens.
Deep link
This is the web version of the Company Portal, where you log in with your Azure username and password at ms-device-enrollment:?mode=mdm
When you do this, your device is automatically enrolled in MDM.
Company Portal
This is a simple method of enrolling your device in Intune. All you need to do is download the Company Portal app from the Windows Store and sign in using your Azure AD credentials.