Forum Discussion
Auto Enrollment Intune devices already azure AD joined?
Hi William,
the problem is if you enable both enrollment user scopes and when they overlap the MAM scope will take precedence. I guess this is your problem, I've seen this very often.
see here: https://docs.microsoft.com/en-us/intune/windows-enroll
Important
If both MAM user scope and automatic MDM enrollment (MDM user scope) are enabled for a group, only MAM is enabled. Only MAM is added for users in that group when they workplace join personal device. Devices are not automatically MDM enrolled.
to avoid this and get your MDM auto-enrollment working you can either disable the MAM user scope or you enable All for MDM user scope and assign a specific group for MAM user scope. Additionally keep in mind the MAM user scope is not for general MAM on iOS or Android, it is for the MAM Windows feature. It's the Windows Information Protection feature basically.
best,
Oliver
Oliver Kieselbach wrote:Hi William,
the problem is if you enable both enrollment user scopes and when they overlap the MAM scope will take precedence. I guess this is your problem, I've seen this very often.
see here: https://docs.microsoft.com/en-us/intune/windows-enroll
Important
If both MAM user scope and automatic MDM enrollment (MDM user scope) are enabled for a group, only MAM is enabled. Only MAM is added for users in that group when they workplace join personal device. Devices are not automatically MDM enrolled.
to avoid this and get your MDM auto-enrollment working you can either disable the MAM user scope or you enable All for MDM user scope and assign a specific group for MAM user scope. Additionally keep in mind the MAM user scope is not for general MAM on iOS or Android, it is for the MAM Windows feature. It's the Windows Information Protection feature basically.
best,
Oliver
Superb and very informative answer Oliver