Intune enrollment with Windows devices

Brass Contributor

We have every windows devices connected to Azure AD as shown below. I have AAD group (has test users for Intune test) enrolled in Intune as shown below.

AZURE CONNECT.png

 

When i login as user (user is in user group enrolled to intune), it doesn't install company portal. In Intune, under all device, this device is not listed but listed in Asuzre AD Devices as joined type 'Azure AD joined'. Apps for company portal. Company portal listed as 'Show this as a featured app in the Company Portal' to YES..

 

What else do i need to do make intune MDM devices?

12 Replies
Have you assigned the company portal as required to a specific user/device group?

@Thijs Lecomte thnks for your quick reply.

 

Yes, i tried to assigned same group and to All users.

The only way to register MDM device (which is already Joined AAD device) is to disconnect and rejoined.

I have over 5k computers, i just can't do manually to everyone (requires lots of manual works, plus user has go through MFA setup again). Plus, these windows devices are already AAD joined so i don't need to...

Do you have a central Management in place like SCCM?

@Thijs Lecomte 

 

No i wish....what are you thinking...

So the issue that automatic enrollment wasn't enabled when the computers AAD joined right?

Now you have enabled it and want to enroll.

I was thinking of deploying a provisioning package which might solve your issues. I am not 100% sure that would work, but as you don't have any way of mass deployment it, that's not an option.

I don't see any other way than re enrolling

@Thijs Lecomte 

You might be right. But on my test, as soon as i disconnect and rejoined, it just works. What behavior changes? there got be something? Microsoft needs to invest some time here if they wants Intune to be management software for Cloud base company...

That's because the user is added to the group for automatic enrollment now and that wasn't before.
It's the only explanation.

Automatic enrollment works really well and I haven't seen it malfunction

@Thijs Lecomte 

i thought once you are already AAD joined and later you turn automatic enrollment on, devices should be in MDM...

No

That's not how it works
It only triggers it during AAD Join

So you need to manually MDM enroll

This can be done either through the deep links I posted above. Or through a registery edit: https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatica...
You should try creating a registery file, sending that to the users/helpdesk to execute

@Thijs Lecomte 

 

correct me if i am wrong, doesn't it requires user to be local admin rights? we don't give local admin for users due to our compliance and security

Jup, that's right
So a manual action I required