Microsoft Intune: Windows 10 Device Enrollment

In today’s Ask the Admin, I’ll show you how to enable device enrollment in Microsoft Intune and enroll a Windows 10 PC.

Microsoft Intune is a lightweight cloud-based PC and mobile device management product that uses Mobile Device Management (MDM), a set of standards for managing mobile devices, instead of Active Directory (AD) Group Policy, which is a Windows-only technology. For more information about Intune, see Introduction to Microsoft Intune on the Petri IT Knowledgebase.

Windows 10 PCs connect with Azure Active Directory and are then automatically enrolled in Intune. Before you can complete the instructions below, you will need both a trial Intune account and Azure Active Directory (Premium) subscription. Although the accounts are free for the trial period, credit card details are required to sign up for Azure AD Premium. I recommend creating an Intune account first, and then using the same account details to create an Azure AD Premium subscription. This will ensure that the Azure AD Directory is associated with your Intune subscription.

Assign User Licenses

The first step is to assign at least one user an Intune license. Licensing is managed from the Office 365 management portal.

• Log in to the Office 365 management portal here with the admin account for your Intune subscription.
• In the options on the right of the portal, click Users, and then Active users.

Assign an Intune license to a user (Image Credit: Russell Smith)

In the list of users, make sure that one of them has Intune A Direct listed in the status column. This might be the admin user for your Intune subscription or another user.

• To enable an Intune license for a user, click the user in the list of Active Users, and then Edit to the right of Product licenses in the user’s dialog box.
• Under Product licenses, switch Intune A Direct to On using the slider, and click Save.
• Close the user’s dialog box.

Assign an Intune license to a user (Image Credit: Russell Smith)

Configure MDM Auto-Enrollment in Azure AD

To ensure that devices are automatically enrolled with Intune when they join Azure AD, you must configure MDM auto-enrollment for the directory.

Configure MDM Auto-enrollment in Azure AD (Image Credit: Russell Smith)

• Log in to the Azure management portal here.
• Expand on the options on the left of the portal, and click ACTIVE DIRECTORY.
• Click the directory you see in the list on the right.
• Switch to the APPLICATIONS tab.
• In the list of applications, click Microsoft Intune.
• Click Configure below Assign users to mobile device management application.
• On the microsoft intune screen, scroll down to manage devices for these users and click ALL. Click Save in the bar at the bottom of the portal window.

Configure MDM Autoenrollment in Azure AD (Image Credit: Russell Smith)

In a production environment, you’re more likely want to control which devices are managed using Intune with Azure AD groups.

Enable Windows 10 Device Enrollment

The next step is to enable specific device platforms that can enroll in Intune. This is done from the Intune management portal.

Enable Windows 10 Device Enrollment (Image Credit: Russell Smith)

• Open Internet Explorer and go to the Intune management portal here. Note that the portal isn’t currently compatible with Microsoft Edge.
• Click ADMIN at the bottom of the list of options on the left of the portal.
• Click Set Mobile Device Management Authority on the Mobile Device Management screen.

Enroll a Windows 10 Device

Now that MDM is set up for Windows devices in Intune, you can connect a Windows 10 device to Azure AD and it will automatically be enrolled to Intune.

Enroll a Windows 10 Device (Image Credit: Russell Smith)

• Log in to Windows 10 as a local administrator.
• Click the Settings icon on the Start menu.
• In the Settings app, click Accounts.
• Click Access work or school on the left.
• Click + Connect on the right.
• In the Set up a work or school account dialog box, type the email address of a licensed Intune user, and click Next.
• In the Let’s get you signed in dialog box, type the password for the account, and click Sign in.
• On the You’re all set! screen, click Done.
• The new account will appear on the Connect to work or school screen in the Settings app. Click it, and if the device successfully enrolled with Intune, you’ll see the Info button. Click Info.
• You’ll see the address of the management server and information about the last attempted sync. You can force a sync operation with the management server by pressing Sync.

Enroll a Windows 10 Device (Image Credit: Russell Smith)

In this article, I showed you how to set up automatic device enrollment in Microsoft Intune, and how to enroll and Windows 10 device.