Forum Discussion

MVP

Apr 08, 2020

Solved

Documentation about Inune only enrollment on Microsoft Docs and use cases

Hello, I was reading this doc: https://docs.microsoft.com/en-us/archive/blogs/nzedu/10-ways-to-enroll-windows-10-into-intune and to view all of the 10 ways, it was suggested to go to this page:...

Intune

mobile device management (mdm)

Thijs Lecomte
Apr 10, 2020
If you don't do an Azure AD join, the user doesn't login with his AAD credentials. This isn't desired

A user can always change policies if the user is a local admin on his device. With this enrollment method this is always the case.
I would strongly advise that a user isn't a local admin. You can use the site I linked above to check what enrollment suits you best

HotCakeX

MVP

Apr 08, 2020

Looks like it's this:

https://docs.microsoft.com/en-us/windows/client-management/mdm/mdm-enrollment-of-windows-devices#connecting-personally-owned-devices-bring-your-own-device

can't be sure since that one gives 404 error.

by the way just wanna check and confirm this, if a device is only enrolled in Microsoft MDM and not AAD, Intune or endpoint management can still control that device such as setting policies etc, right? will there be any limitations?

Thijs Lecomte

Bronze Contributor

Apr 09, 2020

If you would enroll it like #3, the device would also be joined to AAD

To my knowledge, all W10 devices that enroll into Intune are also joined to AAD, no exceptions

HotCakeX
MVP
Apr 09, 2020
Thijs Lecomte

How come?
Scenario 3: Enroll in MDM Only (User Driven)
it's this:
https://docs.microsoft.com/en-us/windows/client-management/mdm/mdm-enrollment-of-windows-devices#connecting-to-mdm-on-a-desktop-enrolling-in-device-management
- Thijs Lecomte
  Bronze Contributor
  Apr 09, 2020
  I'll test this, I'll let you know when I have tested
  But I thought enrollment requires the device in AAD
  - HotCakeX
    MVP
    Apr 09, 2020
    Thank you so much!