Forum Discussion

Zied_Berrima's avatar
Zied_Berrima
MCT
Jun 01, 2022

MDM Scope enrollement : Users or device groupe ?

Hi   I would like to know in this part, do I have to specify a group of equipment or a group of users? knowing that if I declare a user group, the user will be able to join his personal pc to azur...
Intune
mobile device management (mdm)
NielsScheffers's avatar
NielsScheffers
Iron Contributor
Jun 01, 2022

This configuration specifies which users are allowed to (auto)enroll devices in MDM/MAM. Of course, as you mention, you don't want them to just enroll any device. To prevent this, you will then need to configure enrollment restrictions. You can, among other things, block enrollment of personally owned devices.   

 

For more information:

https://docs.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set

 

Edit: I just noticed you mention "join [...] to azure ad". AAD joining is restricted via the Azure AD setting "Users may join devices to Azure AD" (found under "Devices"). 

 

Zied_Berrima's avatar
Zied_Berrima
MCT
Jun 01, 2022

NielsScheffers 

 

the problem is i can't see the devices in the Intune Portal , and i can see it in the Azure AD portal and the Intune is the MDM solution.

 


by this way i can apply some intune policys like configuration profil to a group of devices without enroll them to intune : in the assignement i choice the device group .. and worked fine 

 

  • NielsScheffers's avatar
    NielsScheffers
    Iron Contributor
    Jun 01, 2022

    Somehow I can't open your screenshot, but if you can see the devices in the Intune portal, they are enrolled. The fact that the Azure AD device also shows "Intune" as the MDM is also an indication of that fact. As such, policies are applied to those devices.

    Edit: misread your reply... you clearly state you can't see the devices in Intune. 

     

    If Azure AD thinks Intune managed them, they should appear in Intune. If you click on the Azure AD device, doesn't it show a "Manage" button in the top of the screen?

    • Zied_Berrima's avatar
      Zied_Berrima
      MCT
      Jun 01, 2022
      yes it show the "manage" button, what does it mean ?
      • NielsScheffers's avatar
        NielsScheffers
        Iron Contributor
        Jun 01, 2022
        That button will take you to the device in the Intune portal.
    • Zied_Berrima's avatar
      Zied_Berrima
      MCT
      Jun 01, 2022
      what I found :

      -if in the part of the assignment of a configuration, I mention a group of device, in this case we do not have the obligations to assign intune licenses to users !! because I tested it and it works properly with a device
      • NielsScheffers's avatar
        NielsScheffers
        Iron Contributor
        Jun 01, 2022

        Zied_Berrima, I don't know what you mean to tell me with your previous reply. 

         

        For the "MDM user scope", you may find https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll#configure-automatic-mdm-enrollment (and especially the note under bullet 2) helpful. 

         

        For the missing devices in Intune, see my previous reply. Are you seeing a "Manage" button?

Resources