Forum Discussion

Brass Contributor

Feb 14, 2019

Intune for Windows 10 issue

Hi all, I managed to set up Intune for my Windows 10 PCs. So basically they get auto enrolled with their work account, the Terms and conditions appears etc, however the MDM and Compliant are Non...

mobile device management (mdm)

Brass Contributor

Feb 15, 2019

Thanks - I managed o configure autopilot and it seems to have worked well as now its appearing under devices. What I can't seem to find is how to restrict the device from connecting to anything linked to O365 unless its enrolled.

Oliver Kieselbach

MVP

Feb 15, 2019

Exactly you need to use Conditional Access for this and "require device to be marked as compliant"

To complete the picture you should have a compliance policy to define what makes a device compliant.

best,

Oliver

BENT17
Brass Contributor
Feb 15, 2019
Thanks guys, I realised that when trying to enrol via autopilot and I am a normal user I don't get enrolled. If I log in with an admin account then I do get enrolled. This doesnt make sense as I am not going to grant all my users admin privileges.

Any ideas?
- Swaminathan_Arumugam
  Brass Contributor
  Feb 15, 2019
  Hi,
  
  This is not the case, even if you are enrolling as standard user in autopilot the device should get enrolled in Azure AD. Check if the user has valid license assigned and also Automatic MDM enrolment is configured all users or group of users.
  - BENT17
    Brass Contributor
    Feb 15, 2019
    With normal user the Device appears in Azure AD devices. With admin account it appears in Azure AD Devices and under All devices where I can then manage the device.
- Oliver Kieselbach
  MVP
  Feb 15, 2019
  There is no functionality to block this in regards of admin or normal user. You can restrict enrollment to AAD groups so an implicit restriction only. Please check your auto enrollment settings again (see post above) and verify that your "normal" user has an assigned Intune license.

Resources