Event details

Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date ef...
Char_Cheesman
Updated May 16, 2024
Office Hours
Machi1145's avatar
Machi1145
Copper Contributor
May 16, 2024
When we pre-provision a device for Autopilot, our users still need permissions to register a device to Azure. Even though the autopiloted device is registered to Entra and Intune already during the pre-provision process. Is this necessary / a security practice or can this be avoided for smoother user experience?
  • Jason_Sandys's avatar
    Jason_Sandys
    Icon for Microsoft rankMicrosoft
    May 16, 2024
    Hi James. Can you be a little more specific here. What exactly do you mean that the "users still need permissions" to register a device to Azure?
    • Machi1145's avatar
      Machi1145
      Copper Contributor
      May 16, 2024
      Users need to be a member of the "Users may join devices to Microsoft Entra" permission in Entra under Device settings.
      • Jason_Sandys's avatar
        Jason_Sandys
        Icon for Microsoft rankMicrosoft
        May 16, 2024
        OK, that's expected and by design. Some organizations wish to limit the ability to do this so this is the control for this. If you wish to allow all users to join their devices to Entra, then simply select All. Registering a device to Autopilot is a separate activity with a separate purpose as this is device specific. As noted, some orgs wish to limit which users, regardless of AP registration, have the ability to join that device to Entra (which is actually user centric activity).