sumo83
Apr 22, 2024 Iron Contributor
Standalone Intune subscription for onboarding computer with Windows 11/10
Hello, I have 3 computers that are used for running specific company workloads and are not used by users... These are running Windows 11 or 10 OS. 2 of them are on-prem and one is a VM in Azure. ...
rahuljindal-MVP
Apr 22, 2024 Bronze Contributor
You can use a DEM account to onboard the devices, but be aware of the limitations. If you use this method, then you may have to purchase an Intune Device license depending on what you want to manage on the devices.
- sumo83 Apr 22, 2024 Iron Contributor
I was not aware of DEM... and it looks like this is what I need...
Doing more research, it looks like I can also use my "testuser" account that is licensed with Intune... as from what I've found, a standard user has a limit of 15 enrolled devices (which is more than I need).
However, a DEM seems to be a more "clean" solution - have a dedicated user account that will be used for enrolling those kinds of machines. About limitations, I need the devices to be in Intune for:
- patch management with Windows Autopatch
- configuration profiles deployment for system and security hardening
- endpoint security policies - Antivirus, ASR, Firewall, etc...
We are in a hybrid scenario (AD synced to MS Entra).
From what I understand, these should not be limited with DEM, but I'm not sure... I will not deploy any apps via Intune, etc... So all policies will be configured for "devices" and not "users".
Do I get it correctly?
- rahuljindal-MVP Apr 23, 2024 Bronze Contributor
For patching needs, I am pretty sure you will need an Intune Device license to support Windows Update for Business with a DEM account. If you don’t use a DEM account and use a standard user account, then a standard Intune user license will suffice.
- sumo83 May 28, 2024 Iron Contributor
Hi,
I'm about to order a DEM license "Intune for Device"... as I want to use the account for 3 Windows 11 Pro devices that are running some business apps and want to get options to manage them via Intune (as mentioned above - for patching and Endpoint Security configurations), + use that account for onboarding new devices to Intune. From time to time, I need to pre-configure new laptops without having an official user to use them. So I need to get them onboarded and default settings/apps deployed. Profiles and Apps policies are assigned to "device" groups, so I believe "Intune for Device" would work here?