Intune Windows 10 device enrollment without logged user

Iron Contributor

Hello and greetings from Portugal,

 

I'm quite new at Intune and I'm trying to do something that I don't know if it's even possible.

We already have Windows 10 devices Hybrid Azure AD Joined, and now I'm trying to add them to Intune. 

Already enabled GPO to allow automatic enrollment, I see that the schedule task is created, but than I event viewer I get the error: auto mdm enroll error "0xcaa9004d"


I believe this happens because I'm logged in with an user with license.


But...I was wondering if it's possible to enroll my devices to Intune without the need of a licensed user logged in and with using AutoPilot.

 

Best regards,

Diogo Sousa

9 Replies

Hi @Diogo Sousa,

 

Have you taken a look at 'Autopilot Self-Deploying Mode'?

 

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/self-deploying

 

Cheers,

Chris Jacob

Hi @cjitsolutions

Tks for you reply!
We're not looking to Autopilot just yet but...we'll see it in a near future, but, still need to register machines without a logged user but having no clue how to do it :(

@Diogo Sousa 

OK no problem.

 

You need to log into the device as a user with an EMS license assigned for it to communicate with Intune, or, have a device license assigned to the device.

 

Out of interest, are you able to manually enrol the device into Intune via the 'Access work or school' menu? Perhaps try that first to confirm the device can connect successfully. Then go from there.

 

 

@cjitsolutions 

 

Hi CJ,

Yes, it's possible to do it manually.

The thing is...can't understand why it needs a validated EMS license.

I already use Hybrid AD Join so...the machines are already validated.

Hello everyone and greetings from Portugal!

After some time I'm getting into this topic again :)
I'll do some testing this week with Azure Hybrid Join Windows 10 devices and try to enroll them with Intune but...I still would like to understand how can I add them to Intune during our staging.
What I mean with this, is that for the moment we have a group of people that are responsible to prepare the machines for the final users, so they will login on the machines. This way it's their users that will be "affected" to the device in Intune....right?

Hello! @Diogo Sousa 

 

I recommend that you try to set up a provisioning solution that does not require IT administrators to logon to the device to do the final "touch".

 

It is recommended to let the final end-user be the first user to logon to the device to make sure settings and apps related to the specific end-user applies. 

 

Do you use Windows Autopilot today?

 

//Nicklas

Hi Diego,

I would direct you back to my original response where I linked to ‘autopilot self deploying mode’ for your shared devices, for your devices only used by one user, look at autopilot user enrolment. These articles cover all of the questions that you have asked regarding enrolment.

There is no requirement to log into the device before your users do. Providing the device has been added to autopilot, the device will enrol, display status pages to inform them of progress before being ready for use. No IT interaction is required.

There is a technology called ‘white glove’ which can shorten this process further if you have lots of applications etc to deploy. However I suggest you familiarise yourself with autopilot before moving onto white glove autopilot.

Hope this helps.

Chris

Hi NicklasAhlberg thanks for your reply!

At this phase our staging is not yet mature enough to use Autopilot. That's why I was asking about this.
So..basically, without SCCM/MECM and without Autopilot, if I want the devices to appear in Intune, I need that the final user login to that device so I can appear i Intune?