Dec 17 2019 05:22 AM
Hi All
What is the best way to enroll existing / live / already in use Azure AD Joined W10 devices into Intune?
I have tried deep linking and get a privileges error.
Info greatly appreciated
Dec 18 2019 01:51 AM
Dec 18 2019 02:00 AM
Dec 18 2019 04:01 AM
This section, Work or School, was already connected to Azure AD when the devices were Azure AD Joined.
Dec 18 2019 08:43 AM
There are many ways to enroll Windows 10 devices in Intune; the best simple way is to use SCCM and co-management when you already have PCs enrolled in SCCM.
In this blog (https://microscott.azurewebsites.net/2018/08/31/managing-windows-10-with-intune-the-many-ways-to-enr...) you have all the different ways to enroll a Windows 10 computer in Intune.
Regards,
Julien
Jun 03 2020 09:12 AM
@StuartK73 Hi Stuart, did you work this out? I am having the same issues as you trying to enrol devices into Intune. Advice appreciated.
Jun 03 2020 01:18 PM
I am in the same boat. I have over 5k computers, joined to AAD. No on-premises servers, all cloud, and no SCCM either.
The deep link gives a user permission issue. The only way I found is to visit each user's desk, unjoin from AAD and rejoin; during the rejoin it will give the user local admin rights. Plus, you need to know local admin rights.
What a painful and totally unprofessional way to get into Intune. Feel the Intune pain...
Jun 04 2020 12:27 AM
Jun 04 2020 07:03 AM
@Thijs Lecomte Totally understand what you have said. If your Intune is set up to enroll for AllUsers and you join AAD with a user, it will automatically enroll into Intune.
But if you didn't configure Intune, devices will only join AAD, as shown below.
Now you mentioned I can enroll into Intune without unjoining/rejoining AAD. Looking at the picture below, I'd like to know how?
Jun 04 2020 07:38 AM
In the Access work/school account you can enroll into MDM only.
I just tested this in my lab and it works great.
Jun 04 2020 07:55 AM
@Thijs Lecomte Do users need to be local admin? Or can a user without admin permission execute this? I have over 5k computers; is there an automatic way, like PowerShell, I can enroll with?
Jun 04 2020 08:00 AM
Jun 04 2020 08:10 AM
@Thijs Lecomte We can't give every user admin permission. My auditor will yell at me, and I don't think any corporation will be able to give local admin rights to users. So enrollment would fail here.
Can a separate user account with local admin (not the logged-in user) enroll this while the user (non-admin) is logged in?
Jun 04 2020 10:00 AM
Jun 04 2020 10:07 AM
@Thijs Lecomte This is the reason I mentioned above that Intune enrollment is unprofessional and not acceptable. How many corporations will give users local admin rights to enroll in Intune? If your corporation does, good luck with compliance and auditors.
Why not create a right-click option on devices in endpoint.microsoft.com to select to enroll the device in MDM? Or with PowerShell?
Otherwise it is a total failure...
Jun 04 2020 10:34 AM
Jun 04 2020 10:43 AM
@Thijs Lecomte How??
Microsoft came out and we moved all computers to AAD (there is no on-premises or SCCM left).
Now we want to enroll all devices into Intune... how? Without giving users local admin.
Jun 04 2020 10:57 AM
Jun 04 2020 12:28 PM
@Thijs Lecomte I see a big failure here if MS won't change this. This would be a lack of security and compliance for many companies, especially financial companies. I think I would suggest that my company look for a 3rd-party MDM solution... good luck, everyone.