SOLVED

MDM Compliant

Hello, I'm in my environment and on the first device that I added, the device was marked as "enrolled in Microsoft Intune and compliant" but it didn't recognize my account as owner. On the other hand, I was able to manage the device and remove company data. But on the second one the owner was detected, but the MDM authority was not found and it was not marked as compliant.

On the second machine I just put the machine in my domain.

I really would like to know whether I need to add my account with Workplace Join to manage my device.

And if the answer is "yes" to this question, what can I do to enroll 500 Windows 10 devices with Workplace Join in an automatic way?
What I really need is to wipe data on my devices.

[image: registro.jpg]

Thanks

7 Replies

Hi Paulo,

to register your devices automatically in Azure AD you should follow these steps:

How to configure hybrid Azure Active Directory joined devices

https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devi...

Some additional helpful guidance about troubleshooting, features, what is available, what is working and what is not supported, see the FAQ:

Azure Active Directory device management FAQ

https://docs.microsoft.com/en-us/azure/active-directory/device-management-faq

best,

Oliver

Hi Oliver,

Thanks for the help.

I followed all the steps in the links that you sent, but I still have some Windows 10 devices that don't enroll automatically.

I still have to make the users local admins and add the e-mail account to see the device in my Azure as managed by Microsoft Intune:

[image: register.jpg]

And I also use Windows Hello in my environment, but the automatic registration does not work.

What am I doing wrong?

Thanks again

Hi Paulo,

when you say some do not register, are the others then registering normally and showing MDM -> Intune?

Did you follow the Windows Hello for Business implementation guide for hybrid Azure AD? You have to have a supported domain controller in the environment to successfully allow the hybrid Azure AD joined devices to register.

Planning a Windows Hello for Business Deployment

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-plann...

If the majority of your devices are registering successfully, did you try these troubleshooting tips for hybrid Azure AD joined devices?

Troubleshooting hybrid Azure Active Directory joined Windows 10 and Windows Server 2016 devices

https://docs.microsoft.com/en-us/azure/active-directory/device-management-troubleshoot-hybrid-join-w...

best,

Oliver

When you say some do not register, are the others then registering normally and showing MDM -> Intune?
Yes Oliver, but I confirmed right now that no new or old device that I add to my hybrid domain appears as managed by Intune.

Did you follow the Windows Hello for Business implementation guide for hybrid Azure AD? You have to have a supported domain controller in the environment to successfully allow the hybrid Azure AD joined devices to register.
Yes, I followed it and Windows Hello is working fine in my environment.

If the majority of your devices are registering successfully, did you try these troubleshooting tips for hybrid Azure AD joined devices?
As I said, I see that no device is registering automatically.
I really need to know whether I need to make my users local administrators to add an account so that the device appears as managed by Microsoft Intune, and after this have access to wipe data on Windows 10.

That case is the same situation that I am in, but I really don't understand how to manage a device via Intune without an admin account:

https://techcommunity.microsoft.com/t5/Windows-10/Windows-10-1709-mdm-enrollment-with-standard-user/...

So for the MDM registration you should follow this to automate the MDM enrollment task:

Enroll a Windows 10 device automatically using Group Policy

https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatica...

Regarding your standard user problem I'm unsure. The GPO approach uses a scheduled task, so try it out. Whether this approach works with standard user permissions I don't know right now.

 

best response confirmed by Paulo Silva (Brass Contributor)
Solution

Hi Oliver,

Now it worked!

[image: configure.jpg]

I was pointing my Windows Hello GPO together with the MDM GPO at a group of users and not at a group of machines, as shown in the image.

Thanks again for the help!
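The thread's fix (the MDM auto-enrollment GPO must apply to computers, not to a user group) and Oliver's earlier pointer to the GPO-driven scheduled task can both be verified on a client without guessing. The script below is an added example, not code from the thread or from Microsoft's documentation: it parses `dsregcmd /status` for the hybrid join state, checks that the computer-scope `AutoEnrollMDM` policy value exists under `HKLM`, and looks for the enrollment scheduled task under `\Microsoft\Windows\EnterpriseMgmt`. The registry value name and the task folder are assumptions taken from the documented behaviour of the "Enable automatic MDM enrollment using default Azure AD credentials" policy; run it in an elevated PowerShell on a domain-joined Windows 10 client.

```powershell
# Added verification script (not from the thread). Checks the pieces that hybrid
# Azure AD join + Intune auto-enrollment via GPO needs on one Windows 10 client.

function Get-DsregStatus {
    # dsregcmd /status prints "Key : Value" lines; collect the single-word keys
    # (AzureAdJoined, DomainJoined, MdmUrl, ...) into a hashtable.
    $map = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*([A-Za-z]+)\s*:\s*(.*)$') {
            $map[$matches[1]] = $matches[2].Trim()
        }
    }
    return $map
}

$status = Get-DsregStatus
$checks = [ordered]@{
    'Domain joined (on-prem AD)'     = ($status['DomainJoined']  -eq 'YES')
    'Azure AD joined (hybrid join)'  = ($status['AzureAdJoined'] -eq 'YES')
    'MDM URL present (Intune)'       = -not [string]::IsNullOrEmpty($status['MdmUrl'])
}

# The auto-enrollment GPO is a *computer* policy: it writes under HKLM. If the GPO is
# linked to a user OU or filtered to a user group (the thread's mistake) this value
# never appears on the machine. Path and value name are assumptions from the docs.
$mdmPolicy  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$autoEnroll = (Get-ItemProperty -Path $mdmPolicy -Name AutoEnrollMDM `
                -ErrorAction SilentlyContinue).AutoEnrollMDM
$checks['AutoEnrollMDM policy = 1 (computer scope)'] = ($autoEnroll -eq 1)

# The policy does the actual enrollment through a scheduled task created by the
# enrollment client; the task folder below is an assumption from the same docs.
$task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\' `
            -ErrorAction SilentlyContinue |
        Where-Object { $_.TaskName -like '*enrolling in MDM*' }
$checks['MDM auto-enrollment scheduled task present'] = ($null -ne $task)

# Report: anything MISSING is the next thing to troubleshoot, top to bottom.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-46} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
```

Read the rows in order: if the hybrid join rows fail, device registration (the first link Oliver gave) is the problem; if they pass but the `AutoEnrollMDM` row is MISSING, the GPO is not reaching the computer object, which is exactly what a user-group scope produces; if the policy is present but the task or MDM URL is missing, the enrollment itself is failing and the client-management troubleshooting steps apply.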

 

I'm happy that I could help you out and I'm glad to hear that it works now! 👍
