Forum Discussion
MDM scope enrollment: users or device group?
Zied_Berrima, agree with NielsScheffers and also, screenshots could help (image size set to large). Just to be clear, you will have to use a security group with users, not devices. Furthermore, when a user runs sysprep, it does not mean the device will enroll with an Autopilot (AP) profile. For that to happen the device hash should have been uploaded to Windows AP service, or you have configured an AP profile that converts devices to AP. The default setting is No.
"This way I can apply some Intune policies, like a configuration profile, to a group of devices without enrolling them in Intune: in the assignment I choose the device group... and it worked fine"
This shouldn't be possible. You cannot deploy Intune policies (device restrictions/settings catalog/templates) to devices that are not managed by Intune. However, App protection policies can be configured for managed/unmanaged devices. Could you share your config?
Could you run dsregcmd /status from a command prompt on one of the devices that seem to be Azure AD joined, but not MDM enrolled (or seem to have configuration policies applied), and share the results? Perhaps it's a reporting issue with Intune.
Finally, I did a blog on this topic a while ago but it's still relevant: https://allthingscloud.blog/configuring-intune-mdm-user-scope-and-mam-user-scope/. Perhaps that might help with a little more background info.
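An added example, not part of the thread or of anyone's post: one way to read the `dsregcmd /status` output requested above and separate the join state from the presence of an MDM enrollment URL. The function name `Get-DsregState` and the sample text are constructed for illustration; the field names are those dsregcmd normally prints, and treating an empty `MdmUrl` as "the device received no MDM enrollment URL" is an assumption of this sketch, so confirm actual enrollment in the Intune portal.

```powershell
# Added example (hypothetical helper): classify a device from dsregcmd /status text.
function Get-DsregState {
    param([Parameter(Mandatory)][string[]]$Lines)

    # dsregcmd prints "Name : Value" pairs; banner and separator lines do not match.
    $kv = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $kv[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $kv['AzureAdJoined']   -eq 'YES'
    $domain = $kv['DomainJoined']    -eq 'YES'
    $wpj    = $kv['WorkplaceJoined'] -eq 'YES'

    $join = 'Not joined or registered'
    if ($aad -and $domain) { $join = 'Hybrid Azure AD joined' }
    elseif ($aad)          { $join = 'Azure AD joined' }
    elseif ($wpj)          { $join = 'Azure AD registered' }

    [pscustomobject]@{
        JoinType  = $join
        MdmUrl    = $kv['MdmUrl']
        # Assumption: an empty MdmUrl means no enrollment URL reached the device.
        HasMdmUrl = -not [string]::IsNullOrWhiteSpace($kv['MdmUrl'])
    }
}

# Constructed sample output (not taken from a real device).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : NO
                    MdmUrl :
           WorkplaceJoined : NO
'@ -split "`r?`n"

Get-DsregState -Lines $sample
# On a live device: Get-DsregState -Lines (dsregcmd /status)
```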
Oktay Sari, thanks for stepping in. Just a quick clarification (as you request the output of dsregcmd /status):
I've already confirmed the device exists in Intune (I think). The device is visible in Azure AD and shows a "Manage" button (and that button actually redirects to the device in Intune).
Zied_Berrima says he can't find it when using the search and actually only sees two devices (and I assume he expects many more to be visible).
- Zied_Berrima (MCT), Jun 02, 2022
Dear gentlemen, thank you for your reactivity and your answers.
Like any functionality in the Microsoft cloud world, it requires a wait for propagation, a huge latency which leads to doubt: maybe I, on my side, misconfigured the thing 😞
You have to wait a time which could be up to 12 hours.
This morning, I was able to see the devices in the Intune portal.
Oktay Sari, for the configuration profiles: imagine that you have devices in Azure AD (joined, hybrid or registered). You can put them in a security group, so you can mention this group in the "assignment" step when you create a configuration profile.
- Oktay Sari (Iron Contributor), Jun 02, 2022
Hi Zied_Berrima, good to hear things worked out eventually. Sounds like you had a huge delay in devices showing up in Intune. Thx for the update.
- Zied_Berrima (MCT), Jun 02, 2022
What do you think about the configuration profile assignment for devices that aren't enrolled in Intune? It seems weird but it works fine...