cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Intune Enrollment for Remote Users - No VPN - No Local Admin

Spirali
Copper Contributor

‎May 26 2021 09:55 PM

‎May 26 2021 09:55 PM

Intune Enrollment for Remote Users - No VPN - No Local Admin

Trying to find a way to get devices enrolled with Endpoint Manager without the need for local admin or VPN. Does anyone have suggestions on how to get devices enrolled during this time of remote work? everything i have checked on either requires connection to the local network or local admin.

 

Help is greatly appreciated.

 

What i have done:

 

- Setup AutoPilot profile

- Imported test device

- Connected work account through Store App

- Installed Company Portal

- Attempted enrollment (fail, no local admin)

 

I tested this yesterday and it seemed to work by adding the autopilot profile but today i cant get it to work at all.  Do any of you have suggestions on how to handle enrollment of 

 

Unsure if autopilot profile assignment will force devices to enroll or not.

 

I tested the above yesterday and it seemed to work but today when i tried to reverse engineer what i did, nothing seems to work.

 

Thanks

4,624 Views
0 Likes
8 Replies
Reply
8 Replies
Rudy_Ooms_MVP

‎May 26 2021 11:00 PM

‎May 26 2021 11:00 PM

Re: Intune Enrollment for Remote Users - No VPN - No Local Admin

Hi

Could you explain it a little bit better?
Are the devices already azure ad joined or domain joined or standonline devices. Can't tell for sure when I am reading your question.
Do you only want the devices to azure ad joined and enrolled into intune? Or only registered and enrolled into intune?

Autopilot is only used/triggered when you reset/wipe a device before the oobe screen

Local admin permissions are needed when you manually want to enroll your device into intune by usng the company app

https://docs.microsoft.com/en-us/troubleshoot/mem/intune/no-permission-to-enroll-windows-devices

You can use this option as it uses the local system account:

https://docs.microsoft.com/en-us/azure/active-directory/user-help/user-help-join-device-on-network


0 Likes
Reply
Spirali

‎May 26 2021 11:04 PM

‎May 26 2021 11:04 PM

Re: Intune Enrollment for Remote Users - No VPN - No Local Admin

Devices are remote domain joined devices. they do not have VPN are not in the office and are not AAD Joined. Hybrid Join is something we are rolling out but again that requires direct LoS of the Domain Controllers for the SCP.

What i need is a way to get the devices that are remote and not connected to the network enrolled in Intune. This is to be able to push out the SCCM client to them with the CMG configuration. I know there are ways to get the SCCM Agent installed (primarily by directly contacting the users or by having the devices on the network).

The issue we have is that the devices will not have VPN and will not have local admin access. I am trying to find options to get them enrolled without the VPN or Local admin.
0 Likes
Reply
Rudy_Ooms_MVP

‎May 27 2021 03:22 AM - edited ‎May 27 2021 04:22 AM

‎May 27 2021 03:22 AM - edited ‎May 27 2021 04:22 AM

Re: Intune Enrollment for Remote Users - No VPN - No Local Admin

Hi,

-IS there any important data on the devices. IS it okay to reset/wipe the devices

 

-You are telling you want to enroll the devices into Intune and not in azure ad? You are also talking about Autopilot

 

So  if you only want to enroll them into Intune 

https://www.ntweekly.com/2018/12/14/enroll-windows-10-devices-to-intune-without-azure-ad/


-Do the devices have a local admin account that can be used?

 

 

 

0 Likes
Reply
Spirali

‎May 27 2021 07:33 AM

‎May 27 2021 07:33 AM

Re: Intune Enrollment for Remote Users - No VPN - No Local Admin

@Rudy_Ooms_MVP 

 

I appreciate your reply but as i noted the users do not have local admin.  I noted this many times and what i am looking for is a solution that will allow for enrollment of the device without wiping and with minimal impact to the users.  

0 Likes
Reply
Rudy_Ooms_MVP

‎May 27 2021 07:40 AM

‎May 27 2021 07:40 AM

Re: Intune Enrollment for Remote Users - No VPN - No Local Admin

Hi,
Of course, i have read the users do not have local admin permissions :) , but I didn't read there were no local admin users at all. Do you want them to enrol in Intune only or do you want them also to join Azure Ad and Intune
0 Likes
Reply
Spirali

‎Jun 02 2021 01:26 PM

‎Jun 02 2021 01:26 PM

Re: Intune Enrollment for Remote Users - No VPN - No Local Admin

Chatted with one of my buddies that works at MS and he confirmed that Local admin is required to manually enroll a device with Endpoint Manager. thanks for the replies
0 Likes
Reply
Rudy_Ooms_MVP

‎Jun 02 2021 10:23 PM

‎Jun 02 2021 10:23 PM

Re: Intune Enrollment for Remote Users - No VPN - No Local Admin

HI,

Now you know why I was a little bit hammering on the question about local admins :) .. Nice to hear you have the final answer now
0 Likes
Reply
Spirali

‎Jun 03 2021 07:41 AM

‎Jun 03 2021 07:41 AM

Re: Intune Enrollment for Remote Users - No VPN - No Local Admin

oh i get it, i was basically trying to see if anyone in the community had found a way around this requirement. its really a pain with Covid and all the people that are working remote. Appreciate the replies though.
0 Likes
Reply