SOLVED
Home

Intune AzureAD auto MDM enrollment blocked by also allowing MAM?

%3CLINGO-SUB%20id%3D%22lingo-sub-154550%22%20slang%3D%22en-US%22%3EIntune%20AzureAD%20auto%20MDM%20enrollment%20blocked%20by%20also%20allowing%20MAM%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-154550%22%20slang%3D%22en-US%22%3E%3CP%3ESetting%20up%20Intune%20AutoPilot%20from%20here%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fdeployment%2Fwindows-autopilot%2Fwindows-10-autopilot%23windows-autopilot-scenarios%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fdeployment%2Fwindows-autopilot%2Fwindows-10-autopilot%23windows-autopilot-scenarios%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBut%20when%20I%20look%20at%20the%20docs%20for%20auto-enrollment%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fwindows-enroll%23enable-windows-10-automatic-enrollment%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fwindows-enroll%23enable-windows-10-automatic-enrollment%3C%2FA%3E%26nbsp%3Bthere%20is%20this%20warning%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20%3CEM%3E%3CU%3EImportant%3C%2FU%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CEM%3EIf%20both%20%3CSTRONG%3EMAM%20user%20scope%3C%2FSTRONG%3E%20and%20automatic%20MDM%20enrollment%20(%3CSTRONG%3EMDM%20user%20scope%3C%2FSTRONG%3E)%20are%20enabled%20for%20a%20group%2C%20only%20MAM%20is%20enabled.%20Only%20MAM%20is%20added%20for%20users%20in%20that%20group%20when%20they%20workplace%20join%20personal%20device.%20Devices%20are%20not%20automatically%20MDM%20enrolled.%3C%2FEM%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EQuestion%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3ESo%20is%20it%20possible%20to%20have%20auto-enrolled%20MDM%20through%20AzureAD%2FIntune%20with%20Auto-Pilot%20while%20also%20having%20automatic%20MAM%20for%20non-windows%20devices%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt%20almost%20seems%20as%20if%20the%20AzureAD%20MAM%20page%20has%20bad%20wording%20-%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%22MAM%20User%20Scope%22%20makes%20sense%20-%20but%20MDM%20scope%20should%20be%20an%20OR%20for%20%22Device%2FUser%2FDevice%2BUser%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENote%3A%20This%20is%20all%20for%20url%3A%3C%2FP%3E%0A%3CP%3Eportal.azure.com%2F%23blade%2FMicrosoft_AAD_IAM%2FActiveDirectoryMenuBlade%2FMobility%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E(I%20didn't%20copy%2Fpaste%20so%20I%20might%20have%20missed%20something)%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-154550%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Application%20Management%20(MAM)%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-154821%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20AzureAD%20auto%20MDM%20enrollment%20blocked%20by%20also%20allowing%20MAM%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-154821%22%20slang%3D%22en-US%22%3E%3CP%3Ehi%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThat%20MAM%20settigns%20is%20MAM%20for%20Windows%20-%20and%20have%20nothing%20to%20do%20with%20MAM%20for%20non-windows%20%3A)%3C%2Fimg%3E%3C%2FP%3E%0A%3CP%3EThe%20MAM%20settings%20in%20the%20documentaion%20is%20for%20MAM%20for%20Windows%20with%20out%20enrollment%20-%20hope%20it%20makes%20sense.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EKind%20Regards%3C%2FP%3E%0A%3CP%3EPer%20Larsen%3C%2FP%3E%0A%3CP%3EEnterprise%20Mobility%20MVP%3C%2FP%3E%0A%3CP%3EBlog%3A%20%3CA%20href%3D%22https%3A%2F%2Fosddeployment.dk%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fosddeployment.dk%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Neil Goldstein
Contributor

Setting up Intune AutoPilot from here:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot#windows-a...

 

But when I look at the docs for auto-enrollment https://docs.microsoft.com/en-us/intune/windows-enroll#enable-windows-10-automatic-enrollment there is this warning:

 

       Important

  • If both MAM user scope and automatic MDM enrollment (MDM user scope) are enabled for a group, only MAM is enabled. Only MAM is added for users in that group when they workplace join personal device. Devices are not automatically MDM enrolled.

 

Question:

So is it possible to have auto-enrolled MDM through AzureAD/Intune with Auto-Pilot while also having automatic MAM for non-windows devices?

 

 

 

It almost seems as if the AzureAD MAM page has bad wording - 

"MAM User Scope" makes sense - but MDM scope should be an OR for "Device/User/Device+User"

 

 

Note: This is all for url:

portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility

 

(I didn't copy/paste so I might have missed something)

 

Thanks!

 

 

1 Reply
Solution

hi

 

That MAM settigns is MAM for Windows - and have nothing to do with MAM for non-windows :)

The MAM settings in the documentaion is for MAM for Windows with out enrollment - hope it makes sense.

 

Kind Regards

Per Larsen

Enterprise Mobility MVP

Blog: https://osddeployment.dk

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies