Forum Discussion
MDM Compiant
Hi Oliver,
Now it worked!
I was pointing my windows hello GPO with MDM GPO for a group of users and not for a group of Machines as showed at the image.
Thanks again for the help!
Hi Oliver,
Thanks for the help.
I followed all the steps in this links that you sent but I still have some windows 10 devices that doesn't enroll automatically.
I still do have to put the users as local admin and add the e-mail account to see the device in my azure as managed by Microsoft Intune:
And I also use Windows Hello in my invironment but the automatic register does not work.
What I'm doing wrong ?
Thanks again
Hi Paulo,
when you say some do not register, are the others then registering normally and are showing MDM -> Intune?
Did you follow the Windows Hello for Business implementation guide for Hybrid Azure AD, you have to have a supported Domain Controller in the environment to successfully allow the Hybrid Azure AD joined devices to register?
Planning a Windows Hello for Business Deployment
If your majority of devices is registering successful did you try these troubleshooting tips for Hybrid Azure AD join devices?
Troubleshooting hybrid Azure Active Directory joined Windows 10 and Windows Server 2016 devices
best,
Oliver
when you say some do not register, are the others then registering normally and are showing MDM -> Intune?
Yes Oliver, but I comfirmed right now that any new or old device that I add in my hybrid domain does not appear as managed by Intune.
Did you follow the Windows Hello for Business implementation guide for Hybrid Azure AD, you have to have a supported Domain Controller in the environment to successfully allow the Hybrid Azure AD joined devices to register?
Yes, I followed and Windows Hello is working fine in my environment.
If your majority of devices is registering successful did you try these troubleshooting tips for Hybrid Azure AD join devices?
As I said, I see that there's no device registering automatically.
I really need to know if I need to put my users as local administrator to Add an accout for the device appear as managed by Microsoft Intune and after this have access to wipe data in windwos 10 ?That case is the same situation that i am but i really don't understand the way to manage device via Intune without admin account:
So for the MDM registering you should follow this to automate the MDM enrollment task:
Enroll a Windows 10 device automatically using Group Policy
Regarding your Standard user problem I'm unsure. The GPO approach is using a scheduled task, so try it out. If this approach works with standard user permissions I don't know right now.
Hi Oliver,
Now it worked!
I was pointing my windows hello GPO with MDM GPO for a group of users and not for a group of Machines as showed at the image.
Thanks again for the help!