Enable automatic enrollment in Intune

by | Intune, Azure, Cloud

In this post I will show how to setup and configure to enable automatic enrollment in Intune for Windows devices. Once your intune account has been setup, we need to configure the automatic enrollment to start getting the device enrolled to intune to manage the device through MDM authority.

Setup Automatic enrollment

Login to Azure Portal, go to Azure Active Directory and scroll down to see Mobility (MDM and MAM).

Under Mobility (MDM and MAM),we can see 2 options. 1st one is meant for user scope.  Under MDM user scope click on Some to narrow down the scope applying to a specific group only, specify the group name.

Microsoft Intune Configure

Do the same for MAM user scope as well by selecting a group. Once done click on Save.

Note: When we enable MDM user scope and MAM user scope all together, for BYOD devices MAM user scope will take precedence. BYOD Devices will not get enrolled rather it will use Windows Information protection (WIP) policies. For Corporate Devices, MDM user scope will always takes precedence if both are set.

EnableAutoEnrollIntune 02

Go back to previous blade (showing both Microsoft Intune and Microsoft Intune Enrollment) and now select the 2nd option:

EnableAutoEnrollIntune 03

Configure MDM user scope to use All. We have option to specify a specific group as well. Configuring this option is the actual MDM enrollment what we are setting up for devices.

EnableAutoEnrollIntune 04

Assigning license to user for auto enrollment

User can only enroll to intune if they have appropriate license assigned. Following are the list of licenses available for intune:

Microsoft 365 E5
Microsoft 365 E3
Enterprise Mobility + Security E5
Enterprise Mobility + Security E3
Microsoft 365 Business Premium
Microsoft 365 F1
Microsoft 365 F3
Microsoft 365 Government G5
Microsoft 365 Government G3Intune for Education

There are multiple ways to assign the license, one of the method is to go through Azure Active Directory, select All users and search for the user to whom we want to assign the license. Click on the user you want to select.

EnableAutoEnrollIntune 05

Under user’s profile in left pane, click on Licenses and click on Assignments to assign a license. I have Enterprise Mobility + Security E3 license which I assigned to user.

assign license intune

Testuser1 is on premises user which is getting synched to Azure AD using Azure AD Connector , hence device will automatically get enrolled when user’s login as all the prerequisites are met:

  1. User is having appropriate license which we assigned.
  2. We configured automatic enrollment to a group where testuser1 is a member of this group.

The device will join the Azure AD, as the device is already part of on premises Active Directory, we will see the device as Hybrid Azure AD joined.

EnableAutoEnrollIntune 07

Azure AD Connect sync, which is also called as sync engine, is responsible for synchronizing the devices and users when Azure Active Directory connector is configured. Azure AD connector forms a connection between on-premises Active directory with Azure Active Directory.

Let’s also check MDM Authority Status, once logged in to MEM Admin Center, select Tenant Administration which will open another blade and click on Tenant Status, under Tenant details we can see that MDM Authority showing as Microsoft Intune, hence we are also set to use the Intune services as MDM.

EnableAutoEnrollIntune 08

Trackbacks/Pingbacks

  1. Enable co-management SCCM | Configuration Manager ManishBangia - […] Enable automatic enrollment in intune MEM Admin Center. […]

Leave a Reply