Forum Discussion
MDM Scope enrollement : Users or device groupe ?
Hi I would like to know in this part, do I have to specify a group of equipment or a group of users? knowing that if I declare a user group, the user will be able to join his personal pc to azur...
This configuration specifies which users are allowed to (auto)enroll devices in MDM/MAM. Of course, as you mention, you don't want them to just enroll any device. To prevent this, you will then need to configure enrollment restrictions. You can, among other things, block enrollment of personally owned devices.
For more information:
Set enrollment restrictions in Microsoft Intune | Microsoft Docs
Edit: I just noticed you mention "join [...] to azure ad". AAD joining is restricted via the Azure AD setting "Users may join devices to Azure AD" (found under "Devices").
the problem is i can't see the devices in the Intune Portal , and i can see it in the Azure AD portal and the Intune is the MDM solution.
by this way i can apply some intune policys like configuration profil to a group of devices without enroll them to intune : in the assignement i choice the device group .. and worked fineSomehow I can't open your screenshot,
but if you can see the devices in the Intune portal, they are enrolled. The fact that the Azure AD device also shows "Intune" as the MDM is also an indication of that fact. As such, policies are applied to those devices.Edit: misread your reply... you clearly state you can't see the devices in Intune.
If Azure AD thinks Intune managed them, they should appear in Intune. If you click on the Azure AD device, doesn't it show a "Manage" button in the top of the screen?
- yes it show the "manage" button, what does it mean ?
