Forum Discussion

sumo83's avatar
sumo83
Iron Contributor
Apr 22, 2024

Standalone Intune subscription for onboarding computer with Windows 11/10

Hello,   I have 3 computers that are used for running specific company workloads and are not used by users... These are running Windows 11 or 10 OS. 2 of them are on-prem and one is a VM in Azure. ...
Intune
mobile device management (mdm)
sumo83's avatar
sumo83
Iron Contributor
Apr 22, 2024

rahuljindal 

 

I was not aware of DEM... and it looks like this is what I need...

doing more research, looks like I can also use my "testuser" account that is licensed with Intune.... as from what I've found, a standard user has limitation 15 enrolled devices (which is more than enough I need)

 

However, a DEM seems to be more "clean" solution - have dedicated user account that will be used for enrolling those kind of machines. About limitation, I need the devices to be in intune for:

  • patch management with Windows Autopatch
  • configuration profiles deployment for system and security hardening
  • endpoint security policies - Antivirus, ASR, Firewall, etc...

We are in hybrid scenario (AD synced to MS Entra)

 

From what I understand, these should not be limited with DEM, but not sure.... I will not deploy any apps via intune, etc... So all policies will be configured for "devices" and not "users".

 

Do I get it correctly?

 

rahuljindal's avatar
rahuljindal
Bronze Contributor
Apr 23, 2024
For patching needs, I am pretty sure you will need an Intune Device license to support Windows Update for Business with a DEM account. If you don’t use a DEM account and use a standard user account then standard Intune user license will suffice.
  • sumo83's avatar
    sumo83
    Iron Contributor
    May 28, 2024
    Hi,

    I'm about to order a DEM license "Intune for Device"... As I want to use the account for 3 Windows 11 Pro devices that are running some business apps and want to get options to manage them via Intune (as mentioned above -for patching and Endpoint Security configurations), + use that account for onboarding new devices to Intune. As from time to time, I need to pre-configure new laptops without having an official user to use it. So I need to get it onboarded and default setting/apps deployed. Profiles and Apps policies are assigned to "device" groups, so I believe "Intune for Device" would work here?

Resources