RomanK7
May 09, 2022, Brass Contributor
Enroll a Windows device in Intune with a non-administrator account
Hi. Basically, I am referring to the following article: https://docs.microsoft.com/en-us/troubleshoot/mem/intune/no-permission-to-enroll-windows-devices

I have devices here that use Office 365...
Oktay Sari
May 09, 2022, Iron Contributor
Not quite clear what the situation is so I have a few questions:
- Do your users have 2 accounts to deal with? One for on-premises and one for Office 365?
- Do your users log in with their on-premise AD account on AD joined devices?
- Or are we talking about unmanaged devices with local accounts and no admin rights?
- You don't want the devices to be Azure AD joined but only MDM enrolled. Is that right?
- Why is Azure AD Connect not possible? Can you clarify?
- How do users work with Office 365 sources? Browser only?
- What licenses do your users have?
By the way, it's not a requirement to have Intune managed devices to use conditional access. Conditional access can allow or restrict access to Microsoft 365 resources when users sign in (identity-driven signals) using managed or unmanaged devices, local apps or the browser. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
RomanK7
May 10, 2022, Brass Contributor
I'm sorry I didn't write everything clearly. I'll try to answer.
1. No, only one account is synced with Azure AD Cloud Sync, not Cloud Connect.
2. Log in on the device with their on-premise account.
3. AD joined device with no local admin rights.
4. Right, only MDM enrolled
5. Other AD (subsidiary)
6. Apps and Web
7. Microsoft 365 E3