Forum Discussion
RomanK7
May 09, 2022 (Brass Contributor)
Enroll a Windows device in Intune with a non-administrator account
Hi, basically I am referring to the following article: https://docs.microsoft.com/en-us/troubleshoot/mem/intune/no-permission-to-enroll-windows-devices I have devices here that use Office 365...
Oktay Sari
May 09, 2022 (Iron Contributor)
Not quite clear what the situation is so I have a few questions:
- Do your users have 2 accounts to deal with? One for on-premises and one for Office 365?
- Do your users log in with their on-premises AD account on AD joined devices?
- Or are we talking about unmanaged devices with local accounts and no admin rights?
- You don't want the devices to be Azure AD joined but only MDM enrolled. Is that right?
- Why is Azure AD Connect not possible? Can you clarify?
- How do users work with Office 365 sources? Browser only?
- What licenses do your users have?
By the way, it's not a requirement to have Intune managed devices to use conditional access. Conditional access can allow or restrict access to Microsoft 365 resources when users sign in (identity-driven signals) using managed or unmanaged devices, local apps or the browser. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
RomanK7
May 10, 2022 (Brass Contributor)
I'm sorry I didn't write everything clearly. I'll try to answer.
1. No, only one Account is synced with Azure AD Cloud Sync, not Cloud Connect.
2. Login on Device with their on-premise account.
3. AD Joined Device with no local Admin rights.
4. Right, only MDM enrolled
5. Other AD (subsidiary)
6. Apps and Web
7. Microsoft 365 E3