Forum Discussion

sumo83's avatar
sumo83
Iron Contributor
Apr 22, 2024

Standalone Intune subscription for onboarding computer with Windows 11/10

Hello,

 

I have 3 computers that are used for running specific company workloads and are not used by users... These are running Windows 11 or 10 OS. 2 of them are on-prem and one is a VM in Azure.

 

Now, I would like to have them managed by Intune - same as all end user computers. What is the recommended approach to onboard them to Intune? Is there any "per device" Intune subscription? Or should I just have an extra user account that I will assign Intune subscription and use that account to log in to those computers so that they are enrolled to Intune with that account? Would it cause any conflicts if I have one user account used to onboard several devices?

 

Not sure what is the best way in those situations... 

 

Thank you

  • rahuljindal-MVP's avatar
    rahuljindal-MVP
    Bronze Contributor
    You can use a DEM account to onboard the devices, but be aware of the limitations. If you use this method, then you may have to purchase Intune Device license depending on what all you want to manage on the devices.
    • sumo83's avatar
      sumo83
      Iron Contributor

      rahuljindal-MVP 

       

      I was not aware of DEM... and it looks like this is what I need...

      doing more research, looks like I can also use my "testuser" account that is licensed with Intune.... as from what I've found, a standard user has limitation 15 enrolled devices (which is more than enough I need)

       

      However, a DEM seems to be more "clean" solution - have dedicated user account that will be used for enrolling those kind of machines. About limitation, I need the devices to be in intune for:

      • patch management with Windows Autopatch
      • configuration profiles deployment for system and security hardening
      • endpoint security policies - Antivirus, ASR, Firewall, etc...

      We are in hybrid scenario (AD synced to MS Entra)

       

      From what I understand, these should not be limited with DEM, but not sure.... I will not deploy any apps via intune, etc... So all policies will be configured for "devices" and not "users".

       

      Do I get it correctly?

       

      • rahuljindal-MVP's avatar
        rahuljindal-MVP
        Bronze Contributor
        For patching needs, I am pretty sure you will need an Intune Device license to support Windows Update for Business with a DEM account. If you don’t use a DEM account and use a standard user account then standard Intune user license will suffice.

Resources