Forum Discussion
Intune for Windows 10 issue
Hi,
you wrote you managed to enroll the device using Company Portal, then it seems that your Auto Enrollment is not working like it should. You need to configure Auto Enrollment correctly then you don't need the company portal for successful enrollment. Just enable the MDM scope and leave the MAM scope at None otherwise MAM will take precedence.
For official documentation see here:
https://docs.microsoft.com/en-us/intune/windows-enroll
and here the important advice:
For BYOD devices, the MAM user scope takes precedence if both MAM user scope and MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will use Windows Information Protection (WIP) Policies (if you configured them) rather than being MDM enrolled.
For corporate devices, the MDM user scope takes precedence if both scopes are enabled. The devices get MDM enrolled.
best,
Oliver
Exactly you need to use Conditional Access for this and "require device to be marked as compliant"
To complete the picture you should have a compliance policy to define what makes a device compliant.
best,
Oliver
Thanks guys, I realised that when trying to enrol via autopilot and I am a normal user I don't get enrolled. If I log in with an admin account then I do get enrolled. This doesnt make sense as I am not going to grant all my users admin privileges.
Any ideas?
Hi,
This is not the case, even if you are enrolling as standard user in autopilot the device should get enrolled in Azure AD. Check if the user has valid license assigned and also Automatic MDM enrolment is configured all users or group of users.
You need use conditional access
