Forum Discussion
Azure Ad joined device integration to Microsoft Intune
Hi all, just had a quick question to everyone, is there a way to integrate Azure Ad joined devices to Microsoft Intune Without any end user intervention?
I also have a RMM agent in all of the computers which I want to integrate in Intune, not sure if that would help. Additionally, we don't have an on-prem server and are completely based out of Azure. So, Intune connector won't work for us as well. Thanks in advance for your response.
If you got the RMM agent installed then you might be able to automate the enrollment. As I see it, you will first need to enable automatic MDM enrollment first. Once done, you can push a PS script to initiate the automatic enrollment.
6 Replies
If you got the RMM agent installed then you might be able to automate the enrollment. As I see it, you will first need to enable automatic MDM enrollment first. Once done, you can push a PS script to initiate the automatic enrollment.
- rahuljindal do you happen to have a script for it? If you have could you kindly share this script?
- No sorry, I don’t. But I can share the registry keys that you need to configure.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM]
"AutoEnrollMDM"=dword:00000001
"UseAADCredentialType"=dword:00000001
If the device is AzureAD joined, it is by default Intune joined. You can find these devices under https://endpoint.microsoft.com/ and they will list them as either Corporate, or Personal.
Any devices in this portal are Intune joined.
For a brand new out of box laptop/desktop, you can join them to AzureAD/Intune by doing any of the following
- Logging in with a domain email address and password (providing the account meets all of the tenant conditions for allowing device join)
- Using Windows Autopilot device (determined at manufacturer or by using a powershell script on the device before deployment
- Using Windows Configuration Designer to prepare the device before deployment
Note that I use option 3 most of the time, and option 1 for one-off deployments. From a mass performance perspective you may want to look at option 2 or 3.
To roll out the RMM agent (or any application in general) you use App Deployment in Intune (found in the https://endpoint.microsoft.com portal). Roll the msi out via App deployment policy. Intune will deploy to your Intune devices that meet the device/user membership policy.
So short answers aare
1) yes, AzureAD join is Intune managed by default
2) Yes Device needs to be prepped before deployment (Autopilot, Windows Config Designer, Manual login via OOBE)
3) Yes, App deployment via Intune to all AzureAD joined devices that meet membership policy
- hi @wifijay the devices in question do show up in Azure AD but not in my Endpoint manager portal so i believe i would need to enroll this to endpoint manager..
Ok, i think you need to follow this link
https://call4cloud.nl/2020/05/intune-auto-mdm-enrollment-for-devices-already-azure-ad-joined/My methods are for where the devices are not deployed yet (ie new OOBE, or wipe and reload).
To connect to Intune post AzureAD join try the above link, or ask users to manually register via Company Portal
https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enroll
