Forum Discussion

Deleted's avatar
Deleted
Nov 08, 2018

Auto Enrollment Intune devices already azure AD joined?

Hello,

 

Under All Devices I found all my computers that have join type "Azure AD Joined"  but under "Intune Devices" there is none. 

Is there a way to auto enroll Computer that already has Azure AD joined to intune?

//W

Intune
mobile device management (mdm)

13 Replies

  • Oliver Kieselbach's avatar
    Oliver Kieselbach
    MVP
    Nov 12, 2018

    Hi William,

     

    the problem is if you enable both enrollment user scopes and when they overlap the MAM scope will take precedence. I guess this is your problem, I've seen this very often.

     

    see here: https://docs.microsoft.com/en-us/intune/windows-enroll

    Important

    If both MAM user scope and automatic MDM enrollment (MDM user scope) are enabled for a group, only MAM is enabled. Only MAM is added for users in that group when they workplace join personal device. Devices are not automatically MDM enrolled.

     

    to avoid this and get your MDM auto-enrollment working you can either disable the MAM user scope or you enable All for MDM user scope and assign a specific group for MAM user scope. Additionally keep in mind the MAM user scope is not for general MAM on iOS or Android, it is for the MAM Windows feature. It's the Windows Information Protection feature basically.

     

    best,

    Oliver

    • Deleted's avatar
      Deleted
      Nov 12, 2018

      Hello Oliver,

       

      It is only MDM user scope that is enabled and not MAM.

      I just noticed that they have Intune clinet installed :/ I have to remove the devices from the console first.

      Thanks!

      • Claytonlopes's avatar
        Claytonlopes
        Copper Contributor
        Dec 03, 2018
        I’m having the same issue , which devices did you move under what section in azure ? I have devices already enrolled into azure ad and trying to get them to enrol into Intune . Under accounts in settings I select enrol only in device management and it doesn’t install the Intune Management Extension. So question is what is the best way to enrol a device into Intune that is already azure ad joined ? Btw license is Microsoft 365 business . And oobe works for brand new devices and Intune Management Extension is working for those devices
    • StuartK73's avatar
      StuartK73
      Iron Contributor
      Nov 12, 2018
      Oliver Kieselbach wrote:

      Hi William,

       

      the problem is if you enable both enrollment user scopes and when they overlap the MAM scope will take precedence. I guess this is your problem, I've seen this very often.

       

      see here: https://docs.microsoft.com/en-us/intune/windows-enroll

      Important

      If both MAM user scope and automatic MDM enrollment (MDM user scope) are enabled for a group, only MAM is enabled. Only MAM is added for users in that group when they workplace join personal device. Devices are not automatically MDM enrolled.

       

      to avoid this and get your MDM auto-enrollment working you can either disable the MAM user scope or you enable All for MDM user scope and assign a specific group for MAM user scope. Additionally keep in mind the MAM user scope is not for general MAM on iOS or Android, it is for the MAM Windows feature. It's the Windows Information Protection feature basically.

       

      best,

      Oliver

      Superb and very informative answer Oliver

    • Deleted's avatar
      Deleted
      Nov 08, 2018
      Hi,

      I've already done that and that is if you enroll them to azure ad they will automatically enroll in intune. In this case, they are already AzureAd joined
      • StuartK73's avatar
        StuartK73
        Iron Contributor
        Nov 08, 2018

        Ah, understood

         

        Does the group scope not still enrol them?

         

        Stuart

Resources