Forum Discussion
Intune for Remote PRTG Probes
MorneVR Using of an https://docs.microsoft.com/en-us/mem/intune/fundamentals/licenses#device-only-licenses bring the following limitations:
- Intune app protection policies
- Conditional access
- User-based management features, such as email and calendaring
If you only want to manage updates and compliance it should be possible.
If you use device only, would you use a local windows account to log onto the device or can a unlicensed cloud only O365 account log onto the device?
This is possible to login to the device but I am not sure if this is the best solution. What about to create an own service account for each device (to be license-compliant) and assign the e3 license to this account insted of using the device only license.
Jannik_Reinhard the idea is to keep costs down as the machines will only be used to monitor client environments. Interaction with the machines will be minimal but I would still like to keep them patched, secured and compliant as they are sitting in client networks.
MorneVR :
When you deploy this device as a self-deploying device / kiosk pc it will work. The following enrollment types are supported for a device only license:
- Windows Autopilot Self-Deploying mode
- Apple Device Enrollment Program without user affinity
- Apple School Manager without user affinity
- Apple Configurator without user affinity
- Android Enterprise dedicated
- Using a device enrollment manager account
If you setup the device as an kiosk pc you also have an local user and you don't have an need for an additional AAD user.
A instruction how to configure an kiosk pc you can find here: https://jannikreinhard.com/2021/07/22/setup-an-modern-kiosk-pc/When you setup the device not as a kiosk pc I think you need an licensed user to be compliant.