cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Tech Community Live: Microsoft Intune
Jun 22 2023, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community
Find out more
SOLVED

Azure AD P1 and Autopilot question

KVS
Occasional Contributor

‎Sep 23 2020 01:34 PM

‎Sep 23 2020 01:34 PM

Azure AD P1 and Autopilot question

We are looking to try autopilot with Azure AD only as well as hybrid AD join. Want to understand all the licensing requirements for Azure AD, Intune and Autopilot. Is it possible to run a Autopilot in production with limited number of Azure AD Premium P1 licenses. We do not have Azure AD P1 for enterprise only few licenses .

1) Will it be possible to reclaim these Azure AD P1  licenses and assign to another set of machines after autopilot process is complete.

2) Without Azure AD PP1 what functionality do we loose with respect to Intune and autopilot in production environment.

3) Do we need to enabled Device Write back in Azure AD connect, when is it needed?

Labels:
4,588 Views
0 Likes
4 Replies
Reply
4 Replies
best response confirmed by Mark O'Shea (MVP)
Mark O'Shea

‎Sep 23 2020 09:35 PM

‎Sep 23 2020 09:35 PM

Solution

Re: Azure AD P1 and Autopilot question

Hi VK

1) The AAD licenses would be assigned to users, not devices. Licenses can be reassigned, but you would need to ensure that users aren't leveraging any other capabilities of AADP P1 prior to the licenses being revoked and then losing those features as well.
2) The biggest initial benefit you get by adding AADP P1 to Autopilot is that the devices will automatically enroll with Intune after performing the AAD Join, rather than it being an extra manual step. This means that if a device reset is performed, and the AAD P1 license isn't assigned to the user, the device will be AAD Joined, but not Intune managed until that is addressed separately.
3) https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback has more details, but two of the main scenarios are WHfB with hybrid certs. and CA via ADFS. Others may have some additional use case scenarios
1 Like
Reply
KVS

‎Sep 24 2020 06:12 AM

‎Sep 24 2020 06:12 AM

Re: Azure AD P1 and Autopilot question

@Mark O'Shea  Hi Mark , Thank you for the detailed responses. We are looking to use Azure AD P1 and Intune only for Auotpilot process. Once the Auotpilot process is complete and the SCCM client is installed on the machine, I was thinking the ongoing licensing requirement may be covered by the  SCCM co-management license. Please suggest if you see any issues with this approach.

0 Likes
Reply
Lewis-H

‎Sep 24 2020 06:33 AM

‎Sep 24 2020 06:33 AM

Re: Azure AD P1 and Autopilot question

Azure AD Premium P2 license is assigned on per user basis. If only 100 users wants to use the premium features, license needs to be assigned to only those 100 users and not to all 200 users.

For guest users, you need to maintain 5:1 which means, if guest users want to use Premium P2 features, you don't need to assign 5 licenses to 5 guest users. You just need to assign 1 license to any of those 5 guest users. If 10 guest users want to use Premium feature, assign license to only 2 guest users out of those 10 users, in order to stay compliant.
1 Like
Reply
Mark O'Shea

‎Sep 24 2020 12:24 PM

‎Sep 24 2020 12:24 PM

Re: Azure AD P1 and Autopilot question

@KVS 

 

If you aren't enabling other AADP P1 scenarios, I think this would work for the enrolment, but longer term hopefully there are other things in P1 that you can leverage which means it will be rolled out for everyone. 

Normally I would recommend creating groups based on licensing, but in your case I think the slight delays of the dynamic groups being updated when licenses are reassigned might be a problem, so I would just stick to assigning users to the groups. 

1 Like
Reply