Forum Discussion
clients autoenroll without user input
Hallo, all our clients are joined to an active directory. Is there a way to enroll Intune MDM on this devices without user input? To connect our AD into Azure AD we use ad connect. Thanks for ...
Is the clients hybrid Azure AD joined?
If so, do a local GPO:
- Navigate to Computer Policy > Administrative Templates > Windows Components > MDM
- Enable the MDM Autoenrollment Policy
JT
jenstfThanks for your good answer
How I can bring the clients to Azure AD joined?
I do not want do disconnect the clients form the internal AD Domin.
Edit: Is this the right way https://docs.microsoft.com/de-de/azure/active-directory/devices/hybrid-azuread-join-managed-domains ?
Hey,
You need to do 3 things at a high level.
- Configure Azure AD Connect for Azure AD Hybrid Join using the Azure AD Connect wizard
- Enable āRegister domain-joined computers as devicesā via Group Policy under
Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration.
- Set a GPO to enrol on-prem devices (Windows 10) into Intune MDM
Create a (GPO) and enable theComputer Configuration > Policies > Administrative Templates > Windows Components > MDM > Enable automatic MDM enrollment using default Azure AD credentials
Here is a good starting block for point 1 and 2:
https://www.adamfowlerit.com/2018/08/azure-ad-hybrid-joined-devices-overview/Point 3
Yes, that article is a good starting point and with Hybrid AAD enabled you are on your way to get rid of the stuff on the ground and move to the sky :D
