Forum Discussion

michaelsjodin's avatar
michaelsjodin
Brass Contributor
Jan 27, 2021
Solved

Windows 10 automatic enrollment on a new device

Hi   I have Windows 10 automatic enrollment for new computers that join the Domain. If i have a newly installed device and login to it after a while the join is completed and the device is now in I...
Intune
  • v-mysan's avatar
    v-mysan
    Jan 27, 2021

    michaelsjodin 

     

    Aside from the troubleshooting steps in the article, make sure the account signing on to Windows is synchronized to Azure AD and has permissions to auto-enroll devices.  The scheduled task created by the GPO uses that account for authentication.

     

    In my lab, I have had cases where a user did not sign on during the 24 hour period the scheduled task runs for and had to wait until the GPO refreshed and created the task again.  In those cases, a gpupdate /force worked so long as the user had local administrator permissions.

     

    Other than that, you wait.

v-mysan's avatar
v-mysan
Former Employee
Jan 27, 2021

michaelsjodin 

 

Are these computers Hybrid Azure AD Joined (in your local Active Directory and Azure AD)?  If so the following article explains how to use a GPO to enroll existing devices: Enroll a Windows 10 device automatically using Group Policy - Windows Client Management | Microsoft Docs.

 

If the devices are not in your local Active Directory, when the device is joined to Azure AD, it will automatically enroll, and is considered a corporate-owned device.

When a user adds a new work or school account, the device is not joined but registered to Azure AD.  The enrollment considers this a personally-owned (BYOD) device.

 

If either of the second two scenarios are what you need, let me know if a reply.

 

Reference: Intune enrollment methods for Windows devices - Microsoft Intune | Microsoft Docs

  • michaelsjodin's avatar
    michaelsjodin
    Brass Contributor
    Jan 27, 2021
    Hi

    They are Hybrid Azure AD Joined with a GPO and i wonder if there is any faster way to make this happen then just wait or logging in with the users credentials under "accounts". running a gpupdate /force is not helping either.
    • v-mysan's avatar
      v-mysan
      Former Employee
      Jan 27, 2021

      michaelsjodin 

       

      Aside from the troubleshooting steps in the article, make sure the account signing on to Windows is synchronized to Azure AD and has permissions to auto-enroll devices.  The scheduled task created by the GPO uses that account for authentication.

       

      In my lab, I have had cases where a user did not sign on during the 24 hour period the scheduled task runs for and had to wait until the GPO refreshed and created the task again.  In those cases, a gpupdate /force worked so long as the user had local administrator permissions.

       

      Other than that, you wait.