Forum Discussion

StuartK73's avatar
StuartK73
Iron Contributor
Dec 17, 2019

Enroll existing Azure AD Joined W10 Devices into Intune

Hi All   What is the best way to enroll existing  / live / already in use Azure AD Joined W10 devices into Intune?   I have tried deep linking and get a privileges error.   Info greatly appreci...
Intune
mobile device management (mdm)
Thijs Lecomte's avatar
Thijs Lecomte
Bronze Contributor
Jun 04, 2020
I totally hear you.... You don't want to give out local admin.

I think it's the current logged on user who needs to executes these tasks, but I am not sure. IT's something you would have to test
Orion-Skol's avatar
Orion-Skol
Brass Contributor
Jun 04, 2020

Thijs Lecomte This is the reason i had mentioned above that Intune enrollment is unprofessional and not acceptable. How many corporates will give users to local admin rights to enroll Intune? If your corporate does, good luck with compliance and Auditors.

 

Why not create right click on endpoint.microsoft.com on devices and select to enroll MDM device? or with powershell?

otherwise it is total Failure...

 

 

 

 

 

  • Rudy_Ooms_MVP's avatar
    Rudy_Ooms_MVP
    MVP
    Oct 06, 2021
    There are a lot of options (ehh not that much but 🙂 ) you can join your existing devices to azure.. but are you sure there arent any weird left overs on the device? if not you youlc crate a bulck enrollment package and join them to azure... And your local admin can be solved with a nice powershell script... And... there are scripts which looks at the logged on user to change the primary user if I am not mistaken
  • Swarupa_D's avatar
    Swarupa_D
    Copper Contributor
    Oct 06, 2021

    Thijs Lecomte Hi! I have some 500 working corporate laptops in a company. By Auto-enrolling, I can join all of them to Intune while joining to AAD. But is there a way to join all those devices to AAD in bulk with satisfying the conditions of

    1. No wiping or loss of data or present configuration of the device.

    2. No local admin rights for the user

    3. A primary user associated with each managed device.

     

    Please, advise and thanks in advance 

  • Thijs Lecomte's avatar
    Thijs Lecomte
    Bronze Contributor
    Jun 04, 2020
    Every MDM will have this problem if you don't have a current Management system in place to automate the enrollment
  • Orion-Skol's avatar
    Orion-Skol
    Brass Contributor
    Jun 04, 2020

    Thijs Lecomte I see big failure here if MS won't change this. This would be lack of security and compliance of many companies especially with financial companies. I think i would suggest my company to look for 3rd party MDM solution...good luck everyone.

  • Thijs Lecomte's avatar
    Thijs Lecomte
    Bronze Contributor
    Jun 04, 2020
    Auto enrollment enrolls into Intune when you join to AAD

    This is the solution that Microsoft recommends.

    For your case, there is no solution and no solution will come probably
  • Orion-Skol's avatar
    Orion-Skol
    Brass Contributor
    Jun 04, 2020

    Thijs Lecomte How??

     

    Microsoft came out and we move all computers AAD (there is no onpremise or sccm left)..

     

    Now want to enroll all devices to Intune....how ? without giving user local admin

  • Thijs Lecomte's avatar
    Thijs Lecomte
    Bronze Contributor
    Jun 04, 2020
    Well Microsoft solutions is autoenrollment, which doesn't require local admin actually

Resources