Forum Discussion

samcook's avatar
samcook
Copper Contributor
Jun 03, 2020

Intune deployment help

Hi there, Im new to the Intune and would like to roll out just for the laptop for now and later for cell phone and desktop. I was able to work on the azure and was able to hybrid join for the lapto...
Intune
mobile device management (mdm)
Moe_Kinani's avatar
Moe_Kinani
Bronze Contributor
Jun 04, 2020
Hi Sam,

Device Compliance Policies:

http://www.rebeladmin.com/2018/12/step-step-guide-microsoft-intune-device-compliances/

Enable Silent Bitlocker:

https://www.inthecloud247.com/windows-10-failed-to-enable-silent-encryption/

Bookmarks on Edge:

https://www.inthecloud247.com/controlling-managed-favorites-for-edge-with-microsoft-intune/

Install Office:

https://allthingscloud.blog/deploy-office-365-with-microsoft-intune/

Install Chrome, same principle apply for other exe or MSI files:

https://www.robinhobo.com/how-to-deploy-win32-applications-with-microsoft-intune/

Good luck!
Hope this helps!
Moe


samcook's avatar
samcook
Copper Contributor
Jun 04, 2020

Moe_Kinani 

 

Hello

 

Thank you for your reply but none of these guide shows how to manage AAD hybrid join PCs/Laptop.

 

I'd setup the Deployment profile in Intune Portal and assign it to the test computer groups but none of the PCs are showing up there.

I also add some security policies and compliance polices and not seeing delivered to the PC at all.

 

BTW, Im not testing within the domain network, I've joined the PC to domain and setup for AAD hybrid and now I want to see how can I manage that PC outside of corporate network. But none of my test PCs are showing up under Intune managed device, what Im doing wrong here ?

  • Moe_Kinani's avatar
    Moe_Kinani
    Bronze Contributor
    Jun 04, 2020
    Hi Sam,

    The Config Policies that I sent apply to AAD and Hybrid AAD.

    In order to see your pcs in Intune devices, you need to enroll them to intune (This Applies to all existing PCs that not enrolled with AutoPilot)

    https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll

    https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

    You can also enroll the PCs manually (not from gpo) from Work or School Accounts-> I think Device Enrollment.

    I usually prefer to sync devices to AAD so I can assign the policies for Devices not users.

    Hope this helps!
    Moe
    • samcook's avatar
      samcook
      Copper Contributor
      Jun 11, 2020

      Thanks Moe,

       

      I followed your recommendations and was very helpful but still need you're help ..

       

      On my GPO policy I've setup the 'Device Credentials' which doesn't assign the MDM licenses automatically even I dynamic security group to look for AAD hybrid join and assign license.

      And If I change the GPO to 'User Credentials' It works fine and assign the licenses as soon as user logs in.

       

      But I don't was to go with the second method, I want the GPO as device credentials so devices get the MDM.

      What could be the wrong with first method ?

       

       

      • Moe_Kinani's avatar
        Moe_Kinani
        Bronze Contributor
        Jun 11, 2020
        This policy applied to Windows 10 1903 or later. My recommendation, upgrade to the latest version and it should work.

        Moe

        https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

Resources