Bring world-class customer experiences and calling into Microsoft Teams

Learn how to maximize your Microsoft teams investment and bring world class calling into your Teams app today.
10 Best Practices for Secure Backups

Watch this webinar to learn about 10 powerful best practices that you can start using right away!
2023 Global Report: Ransomware Trends

Ransomware is a problem that everyone has but no one wants to talk about publicly. These are lessons learned from 1,200 victims.

Microsoft Intune: Windows 10 Device Enrollment

In today’s Ask the Admin, I’ll show you how to enable device enrollment in Microsoft Intune and enroll a Windows 10 PC.

Microsoft Intune is a lightweight cloud-based PC and mobile device management product that uses Mobile Device Management (MDM), a set of standards for managing mobile devices, instead of Active Directory (AD) Group Policy, which is a Windows-only technology. For more information about Intune, see Introduction to Microsoft Intune on the Petri IT Knowledgebase.

Windows 10 PCs connect with Azure Active Directory and are then automatically enrolled in Intune. Before you can complete the instructions below, you will need both a trial Intune account and Azure Active Directory (Premium) subscription. Although the accounts are free for the trial period, credit card details are required to sign up for Azure AD Premium. I recommend creating an Intune account first, and then using the same account details to create an Azure AD Premium subscription. This will ensure that the Azure AD Directory is associated with your Intune subscription.

Assign User Licenses

The first step is to assign at least one user an Intune license. Licensing is managed from the Office 365 management portal.

Log in to the Office 365 management portal here with the admin account for your Intune subscription.
In the options on the right of the portal, click Users, and then Active users.

Assign an Intune license to a user (Image Credit: Russell Smith)

In the list of users, make sure that one of them has Intune A Direct listed in the status column. This might be the admin user for your Intune subscription or another user.

To enable an Intune license for a user, click the user in the list of Active Users, and then Edit to the right of Product licenses in the user’s dialog box.
Under Product licenses, switch Intune A Direct to On using the slider, and click Save.
Close the user’s dialog box.

Configure MDM Auto-Enrollment in Azure AD

To ensure that devices are automatically enrolled with Intune when they join Azure AD, you must configure MDM auto-enrollment for the directory.

Log in to the Azure management portal here.
Expand on the options on the left of the portal, and click ACTIVE DIRECTORY.
Click the directory you see in the list on the right.
Switch to the APPLICATIONS tab.
In the list of applications, click Microsoft Intune.
Click Configure below Assign users to mobile device management application.
On the microsoft intune screen, scroll down to manage devices for these users and click ALL. Click Save in the bar at the bottom of the portal window.

In a production environment, you’re more likely want to control which devices are managed using Intune with Azure AD groups.

Enable Windows 10 Device Enrollment

The next step is to enable specific device platforms that can enroll in Intune. This is done from the Intune management portal.

Open Internet Explorer and go to the Intune management portal here. Note that the portal isn’t currently compatible with Microsoft Edge.
Click ADMIN at the bottom of the list of options on the left of the portal.
Click Set Mobile Device Management Authority on the Mobile Device Management screen.

Enroll a Windows 10 Device

Now that MDM is set up for Windows devices in Intune, you can connect a Windows 10 device to Azure AD and it will automatically be enrolled to Intune.

Log in to Windows 10 as a local administrator.
Click the Settings icon on the Start menu.
In the Settings app, click Accounts.
Click Access work or school on the left.
Click + Connect on the right.
In the Set up a work or school account dialog box, type the email address of a licensed Intune user, and click Next.
In the Let’s get you signed in dialog box, type the password for the account, and click Sign in.
On the You’re all set! screen, click Done.
The new account will appear on the Connect to work or school screen in the Settings app. Click it, and if the device successfully enrolled with Intune, you’ll see the Info button. Click Info.
You’ll see the address of the management server and information about the last attempted sync. You can force a sync operation with the management server by pressing Sync.

In this article, I showed you how to set up automatic device enrollment in Microsoft Intune, and how to enroll and Windows 10 device.

by Russell Smith
Dec 23, 2016

Editorial Director at Petri IT Knowledgebase. Russell has more than 20 years' experience working in IT. From small business to large government IT infrastructure projects. Russell started his writing career for Windows IT Pro magazine in the early...

The Dirty Truth About IT Offboarding Automation

Jul 21, 2023
Aug 25, 2023
Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
Using Autodesk Drive to Collaborate on Design and Model Data in the Cloud

Jan 6, 2023

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.

Bring world-class customer experiences and calling into Microsoft Teams

10 Best Practices for Secure Backups

2023 Global Report: Ransomware Trends

Microsoft Intune: Windows 10 Device Enrollment

Assign User Licenses

Configure MDM Auto-Enrollment in Azure AD

Enable Windows 10 Device Enrollment

Enroll a Windows 10 Device