Forum Discussion

BENT17's avatar
BENT17
Brass Contributor
Feb 14, 2019

Intune for Windows 10 issue

Hi all, 

 

I managed to set up Intune for my Windows 10 PCs. So basically they get auto enrolled with their work account, the Terms and conditions appear etc, however the MDM and Compliant are None and N/A.

Auto enrolment works fine. When you log onto Intune you can see the Azure connected device, however even though the device appears, under the MDM and compliant columns they are listed as None and N/A. I can't even manage the PC.

 

Can someone shed some light on this as I am completely lost 

  • BENT17's avatar
    BENT17
    Brass Contributor

    Just an update. I managed to enrol my device however I had to install the company portal to enrol my device. I was under the impression that Windows 10 has it inbuilt and you don't need to stay downloading the Company portal?

    • lyonheart14's avatar
      lyonheart14
      Copper Contributor

      This is true, the company portal app is not required for enrollment.  Auto-enrollment occurs with the first sign-in after the following 'Enable automatic MDM enrollment using default Azure AD credentials' is applied to a hybrid-joined computer or with AutoPilot when going through the OOBE.  I may have changed my Intune column set but I never see anything referring to an "Azure-connected device."  Are you looking at the Intune portal (devicemanagement.microsoft.com) or Azure Active Directory?

       

      Also, I don't know how long you have waited, but the Azure AD Device entry takes some time (hours?) to update to show "managed" and "compliant" in my experience.

      • BENT17's avatar
        BENT17
        Brass Contributor

        Was looking at portal.azure.com

    • Hi,

       

      you wrote you managed to enroll the device using Company Portal, then it seems that your Auto Enrollment is not working like it should. You need to configure Auto Enrollment correctly then you don't need the company portal for successful enrollment. Just enable the MDM scope and leave the MAM scope at None otherwise MAM will take precedence.

       

      For official documentation see here:

      https://docs.microsoft.com/en-us/intune/windows-enroll

       

      and here the important advice:

      For BYOD devices, the MAM user scope takes precedence if both MAM user scope and MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will use Windows Information Protection (WIP) Policies (if you configured them) rather than being MDM enrolled.

      For corporate devices, the MDM user scope takes precedence if both scopes are enabled. The devices get MDM enrolled.

      best,

      Oliver
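A local, read-only check for the scope problem Oliver describes, added here as an example and not code from the thread or from Microsoft. It assumes it runs elevated on the Windows 10 device itself, that dsregcmd.exe is present, and that an empty MdmUrl on a device that carries the auto-enrollment policy points at the user being outside the MDM user scope (or MAM scope taking precedence).

```powershell
# Added example: why does this Windows 10 device sit at MDM "None"?
# Assumes elevated PowerShell on an Azure AD joined or hybrid-joined device.

function Get-DsregValue {
    param([string[]]$StatusLines, [string]$Name)
    # dsregcmd prints lines such as "   AzureAdJoined : YES"; return the value for $Name
    foreach ($line in $StatusLines) {
        if ($line -match "^\s*$([regex]::Escape($Name))\s*:\s*(.+?)\s*$") { return $Matches[1] }
    }
    return $null
}

$status = dsregcmd /status

# 1. Join state: auto-enrollment needs an Azure AD identity on the device.
$aadJoined    = Get-DsregValue $status 'AzureAdJoined'
$domainJoined = Get-DsregValue $status 'DomainJoined'
Write-Host "AzureAdJoined=$aadJoined DomainJoined=$domainJoined"

# 2. The 'Enable automatic MDM enrollment using default Azure AD credentials' policy
#    writes AutoEnrollMDM=1 here; on the hybrid-join path nothing is attempted without it.
$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM' -ErrorAction SilentlyContinue
if ($policy.AutoEnrollMDM -eq 1) { Write-Host 'AutoEnrollMDM policy: present' }
else { Write-Warning 'AutoEnrollMDM policy not set; automatic enrollment will not be attempted' }

# 3. MdmUrl comes from tenant MDM discovery. Assumption: policy present but MdmUrl empty
#    is the symptom of the user being outside the MDM user scope, or MAM scope winning.
$mdmUrl = Get-DsregValue $status 'MdmUrl'
if ([string]::IsNullOrWhiteSpace($mdmUrl)) { Write-Warning 'MdmUrl empty: check MDM user scope and that MAM user scope is None' }
else { Write-Host "MdmUrl=$mdmUrl" }

# 4. A completed enrollment leaves a GUID subkey under Enrollments whose ProviderID
#    is 'MS DM Server' for Intune; its absence means enrollment never finished.
$enrolled = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue } |
    Where-Object { $_.ProviderID -eq 'MS DM Server' }
if ($enrolled) { Write-Host "MDM enrollment present: $($enrolled.PSChildName -join ', ')" }
else { Write-Warning 'No MDM enrollment recorded yet' }
```

Run it before installing the Company Portal: if step 2 or 3 warns, the fix is in the tenant or GPO configuration, and the portal app is only masking it.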

      • BENT17's avatar
        BENT17
        Brass Contributor
        Thanks - I managed to configure autopilot and it seems to have worked well as now it's appearing under devices. What I can't seem to find is how to restrict the device from connecting to anything linked to O365 unless it's enrolled.
  • amreagan's avatar
    amreagan
    Copper Contributor

    I have added a work account to multiple Windows 10 v1803 machines running Office 365 Pro Plus, and everything worked. Currently, we require BitLocker encryption and a password for the local account before the device is compliant.

     

    I had my first machine today that would not cooperate. After adding the company portal, it worked. I haven't isolated the exact problem yet, but there were two main differences with the machine:

     

    1. It is running the Office 2016 MSI installation of Pro Plus

    2. The user had previously created a PIN for use with fingerprint, and was not requested to create a PIN and change the local account password at the time of adding the work account. I have seen the requirement to set a PIN and change the local account password on all of the other Windows 10 machines where a work account was added and the company portal was not installed.

     

    If I can isolate the culprit, I'll reply back unless someone else responds indicating what may be the cause.

     

    We're a little different from other orgs in that SCCM is still our MDM authority, but removing all of the user policy in SCCM seems to kick the user over to Intune standalone. The user requiring the Windows 10 company portal was already in Intune standalone with a compliant android device. It was kind of strange because the Windows 10 machine requiring the company portal was not appearing in Intune, SCCM, or on the Exchange device list. However, the Windows 10 machine did appear under the user's device list in Azure with no MDM, the way it does when SCCM is managing the device. The Windows 10 device listing in Azure had a compliance status of "N/A", which I haven't seen before.
