
clients autoenroll without user input


Hello,

All our clients are joined to an Active Directory. Is there a way to enroll Intune MDM on these devices without user input?

To connect our AD into Azure AD we use AD Connect.

 

Thanks for your help

Stefan

4 Replies

Are the clients hybrid Azure AD joined?

If so, do a local GPO:

  • Navigate to Computer Policy > Administrative Templates > Windows Components > MDM
  • Enable the MDM Autoenrollment Policy

JT

 

@jenstf Thanks for your good answer

How can I bring the clients to Azure AD joined?

I do not want to disconnect the clients from the internal AD domain.

 

Edit: Is this the right way https://docs.microsoft.com/de-de/azure/active-directory/devices/hybrid-azuread-join-managed-domains ?

Yes, that article is a good starting point and with Hybrid AAD enabled you are on your way to get rid of the stuff on the ground and move to the sky :D

@Stefan Kießig 

 

Hey,

 

You need to do 3 things at a high level.

  1. Configure Azure AD Connect for Azure AD Hybrid Join using the Azure AD Connect wizard
  2. Enable “Register domain-joined computers as devices” via Group Policy under 
    Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration.
  3. Set a GPO to enrol on-prem devices (Windows 10) into Intune MDM
    Create a (GPO) and enable the
    Computer Configuration > Policies > Administrative Templates > Windows Components > MDM > Enable automatic MDM enrollment using default Azure AD credentials

 

Here is a good starting block for point 1 and 2:
https://www.adamfowlerit.com/2018/08/azure-ad-hybrid-joined-devices-overview/

 

Point 3

https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatica...
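
A read-only way to confirm on a single client that the three steps above took effect, added here as an example and not part of any reply in the thread. The registry value names (`autoWorkplaceJoin`, `AutoEnrollMDM`, `UseAADCredentialType`), the `dsregcmd` field names and the event IDs 75/76 are not on this page; they are assumed from the standard Windows policy and MDM diagnostics behaviour.

```powershell
# Added example: read-only check of hybrid join and MDM auto-enrollment policy.
# Run in an elevated PowerShell session on the Windows 10 client itself.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (GPO not applied yet).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    # dsregcmd /status prints "Name : Value" pairs; collect them in a hashtable.
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    $state
}

$dsreg = ConvertFrom-DsregStatus -Lines (dsregcmd /status)

# Steps 1 and 2: a hybrid-joined device reports YES for both flags.
$hybrid = ($dsreg['AzureAdJoined'] -eq 'YES') -and ($dsreg['DomainJoined'] -eq 'YES')

# Step 2 GPO: "Register domain-joined computers as devices" (assumed value name).
$wpj = Get-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin' 'autoWorkplaceJoin'

# Step 3 GPO: "Enable automatic MDM enrollment using default Azure AD credentials".
$mdmKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$auto     = Get-PolicyValue $mdmKey 'AutoEnrollMDM'
$credType = Get-PolicyValue $mdmKey 'UseAADCredentialType'   # 1 = user, 2 = device

# Enrollment result: event 75 = auto-enroll succeeded, 76 = failed (assumed IDs).
$log    = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 75, 76 } `
              -MaxEvents 5 -ErrorAction SilentlyContinue

[pscustomobject]@{
    HybridAzureAdJoined   = $hybrid
    TenantName            = $dsreg['TenantName']
    MdmUrl                = $dsreg['MdmUrl']          # empty: no MDM scope for this user
    RegisterDevicePolicy  = ($wpj -eq 1)
    AutoEnrollPolicy      = ($auto -eq 1)
    EnrollCredentialType  = $credType
    LastEnrollmentEventId = ($events | Select-Object -First 1).Id
}
```

A client that shows `HybridAzureAdJoined = False` will not auto-enroll regardless of the MDM policy, so fix the join state first and only then look at the enrollment events.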

 
