Intune deployment help

Copper Contributor

Hi there,

Im new to the Intune and would like to roll out just for the laptop for now and later for cell phone and desktop.

I was able to work on the azure and was able to hybrid join for the laptops. Now I would like to know what direction I should move or the best practice to securing my laptops with less hassle or is possible zero touch deployment ?

I would like to secure the laptops in all cases ie, check for compliance polices, make sure windows up to date, Anti Virus, enable bitlocker and also would like to push out some bookmarks and basic apps like chrome, anti virus, office 365 apps.

7 Replies
If you are getting started in Intune, check out the Intune.Training Youtube series.
It's created by MVP's which go over every aspect from Intune





Thank you for your reply but none of these guide shows how to manage AAD hybrid join PCs/Laptop.


I'd setup the Deployment profile in Intune Portal and assign it to the test computer groups but none of the PCs are showing up there.

I also add some security policies and compliance polices and not seeing delivered to the PC at all.


BTW, Im not testing within the domain network, I've joined the PC to domain and setup for AAD hybrid and now I want to see how can I manage that PC outside of corporate network. But none of my test PCs are showing up under Intune managed device, what Im doing wrong here ?

Hi Sam,

The Config Policies that I sent apply to AAD and Hybrid AAD.

In order to see your pcs in Intune devices, you need to enroll them to intune (This Applies to all existing PCs that not enrolled with AutoPilot)

You can also enroll the PCs manually (not from gpo) from Work or School Accounts-> I think Device Enrollment.

I usually prefer to sync devices to AAD so I can assign the policies for Devices not users.

Hope this helps!

Thanks Moe,


I followed your recommendations and was very helpful but still need you're help ..


On my GPO policy I've setup the 'Device Credentials' which doesn't assign the MDM licenses automatically even I dynamic security group to look for AAD hybrid join and assign license.

And If I change the GPO to 'User Credentials' It works fine and assign the licenses as soon as user logs in.


But I don't was to go with the second method, I want the GPO as device credentials so devices get the MDM.

What could be the wrong with first method ?



This policy applied to Windows 10 1903 or later. My recommendation, upgrade to the latest version and it should work.