Hi Community,I have walked in a role where Intune/endpoint manager has been set up. This a cloud native environment no on premise nor config manager. I want to know if there is a way to enrol a device into endpoint without the user having to log in to a work account on the device or going through enrolment themselves. ?

Hi AMR_01, If the PC is connected to the internet and properly configured in Endpoint Manager to use Auto Pilot, the user shouldn't have problems enrolling the pc and showing in Endpoint Manager. One thought, you can enroll the pcs with DEM account and then send it to the user. You just have to change the primary user after pc is enrolled and showing Compliant in Endpoint Manager. Hope this helps!Moe Enroll devices using a device enrollment manager account - Microsoft Intune | Microsoft Docs

Hi,The best option is ofcourse to upload the hash to intune to start enrolling them into autopilot. But I feel the "pain"Maybe looking into a bulk enrollment like described here?https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-bulk-enroll

Hi AMR_01, You can take a look at Autopilot self deploying mode.Windows Autopilot self-deploying mode (Public Preview) | Microsoft Docs But for a correct answer, what is the goal you want to achieve, what is the reason why you don't want that the user has to log on with their work account on the device? Kind regards, Rene

Hi Mr_Helaas - Rene,Thanks for replying, the real reason or two is i have one user who has a company PC (at home) and has logged in to his work account and the device shows up as Azure AD joined but fails to enrol into Endpoint Manager. The other reason is i have sent a machine direct from the manufacturer to the user and he has managed to login to his work account but the device is only AD registered and also not enrolled in to endpoint. Both are on the Enterprise Mobility + Security E3 license. I'm not sure where it has failed as there's no logs i can investigate so i thought the best way is to take it out of the user's hands to enrol? What do you think are the best options for me?Thanks,,Abs

Hi Moe, The PCs are not in Endpoint Manager and i dont have Auto Pilot configured. In our setup the PC is AAD joined before it is managed by Endpoint. I think i need to look into Auto Pilot to see if this can help me solve these non enrolment issues.Thanks,Abs

Device enrolment issue/question | Microsoft Community Hub

20 Replies

StuartK73
Iron Contributor
Jan 07, 2022
Maybe already mentioned, but have you setup Automatic Enrolment?

https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll#enable-windows-automatic-enrollment
Rudy_Ooms_MVP
MVP
Jan 06, 2022
Hi,

The best option is ofcourse to upload the hash to intune to start enrolling them into autopilot. But I feel the "pain"
Maybe looking into a bulk enrollment like described here?

https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-bulk-enroll
- AMR_01
  Copper Contributor
  Jan 06, 2022
  Hi, Its a pain especially walking in to a half setup and now need to find out how we are going to you Endpoint. We are cloud native and everyone is working from home. I need to figure out how to manage all these Windows devices from scratch. I' ve been looking into Auto Pilot for future enrolment but for current one's most likely DEM? What do you think?
  - Rudy_Ooms_MVP
    MVP
    Jan 06, 2022
    The provision package doesnt require a dem account.. only beware of the amount of devices 1 user can enroll 🙂 ...
Mr_Helaas
Steel Contributor
Jan 05, 2022
Hi AMR_01,

You can take a look at Autopilot self deploying mode.
Windows Autopilot self-deploying mode (Public Preview) | Microsoft Docs

But for a correct answer, what is the goal you want to achieve, what is the reason why you don't want that the user has to log on with their work account on the device?

Kind regards,

Rene
- AMR_01
  Copper Contributor
  Jan 05, 2022
  Hi Mr_Helaas - Rene,
  
  Thanks for replying, the real reason or two is i have one user who has a company PC (at home) and has logged in to his work account and the device shows up as Azure AD joined but fails to enrol into Endpoint Manager. The other reason is i have sent a machine direct from the manufacturer to the user and he has managed to login to his work account but the device is only AD registered and also not enrolled in to endpoint. Both are on the Enterprise Mobility + Security E3 license. I'm not sure where it has failed as there's no logs i can investigate so i thought the best way is to take it out of the user's hands to enrol? What do you think are the best options for me?
  Thanks,,
  Abs
  - Rudy_Ooms_MVP
    MVP
    Jan 06, 2022
    Hi... I didnt read that part about azure ad joined devices that arent enrolled into intune. Thats something to look into...
    My first guess would be the MDM scope , I am explaining the whole process and differences between aadj/aadr and mdm/mam scope
    
    https://call4cloud.nl/2021/08/the-battle-between-aadj-and-aadr/
    
    Were those license purchased before the devices were azure ad joined ? if so you will need to enroll them manually into mdm /intune
    
    https://call4cloud.nl/2020/05/intune-auto-mdm-enrollment-for-devices-already-azure-ad-joined/

Forum Discussion

Device enrolment issue/question

20 Replies

Resources