Onboarding Devices from AAD to Intune (and beyond...)


Ok y'all...  Here's the scenario:


I want to automatically have devices that are Domain-Joined/Registered in AAD enroll into Intune and then, from there, automatically enroll into Microsoft Defender for Endpoint. Whether the environment is previously existing (i.e., an environment upgrading from another subscription to M365 Business Premium) or a brand new tenant, I want to be able to set up Users, Groups, Devices, etc. in AAD, and have those devices enrolled into Intune automatically and then into Defender.

I have the settings in place to allow devices in Intune to automatically enroll into Defender, but the crux is that I can't figure out how to get the devices from AAD into Intune.

Is Windows Autopilot what I need? Logically, I think it is. But all the material I find online for Autopilot is related to new OEM devices... not existing ones.

So, is it as simple as looking past this and then making an Autopilot group in AAD, then applying Autopilot to the group from Intune? Is it that simple? No one has published an article, posted a YouTube video, or posted in this forum on how to accomplish this? Do I need to hone my Google skills? Or am I out to lunch?


Thanks, y'all

1 Reply

Hi Jfre,

Understanding your scenario, you have two types of devices, domain-joined and Azure AD registered. Correct?

The easier way is to:

1. Domain-joined devices: Enroll them as Hybrid Azure AD Joined. You need a few prerequisites, but then you can use GPO to enroll many devices.

2. Azure AD registered devices: There is no straightforward way to enroll them into Intune. You either domain join the devices, enroll them as hybrid and then enroll them into Intune using GPO, or use Autopilot bulk enrollment, but you still need to wipe them to OOBE.

Or enroll manually by going to Settings > Accounts.

Hope this helps!
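The following is an added example, not code posted by either participant, that puts the two paths from the reply above into a single PowerShell script you can run elevated on a test machine: it reads the join state from `dsregcmd /status`, and for a hybrid Azure AD joined device that is not yet MDM-enrolled it writes the same registry values the GPO "Enable automatic MDM enrollment using default Azure AD credentials" sets and triggers the enrollment client, which is what the GPO does fleet-wide; for the Autopilot route it exports the hardware hash of an existing device in the CSV layout Intune imports (the device still has to be reset to OOBE afterwards, as the reply notes). The `-Apply` / `-ExportHash` switches, the output path, and the assumption that the signing-in user is inside the Intune MDM user scope are the example's own.

```powershell
<#
  Added example (not from the thread). Run in an elevated PowerShell on a
  Windows 10/11 device. Without -Apply it only reports the join/enrollment state.
  Assumes: the tenant's Intune MDM user scope includes the signing-in user, and
  for path 1 the device is already hybrid Azure AD joined via Azure AD Connect.
#>
[CmdletBinding()]
param(
    [switch]$Apply,        # write the GPO-equivalent policy values and trigger enrollment
    [switch]$ExportHash,   # export the Autopilot hardware hash for an existing device
    [string]$AutopilotCsv = "$env:TEMP\AutopilotHWID.csv"   # assumed output path
)

# --- Parse dsregcmd /status ("Name : Value" lines) -----------------------------
function Get-DsregValue {
    param([string[]]$StatusLines, [string]$Name)
    foreach ($line in $StatusLines) {
        if ($line -match "^\s*$([regex]::Escape($Name))\s*:\s*(.*)$") { return $Matches[1].Trim() }
    }
    return $null
}

$status       = dsregcmd /status
$domainJoined = Get-DsregValue -StatusLines $status -Name 'DomainJoined'
$aadJoined    = Get-DsregValue -StatusLines $status -Name 'AzureAdJoined'
$mdmUrl       = Get-DsregValue -StatusLines $status -Name 'MdmUrl'   # empty until MDM enrolled
Write-Host "DomainJoined=$domainJoined AzureAdJoined=$aadJoined MdmUrl='$mdmUrl'"

# --- Path 1: hybrid Azure AD joined -> Intune via the auto-enrollment policy -----
# Same registry values the GPO writes; a GPO is the right tool for a whole fleet.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'

if ($domainJoined -eq 'YES' -and $aadJoined -eq 'YES') {
    if ($mdmUrl) {
        Write-Host "Already MDM enrolled ($mdmUrl)."
    }
    elseif ($Apply) {
        New-Item -Path $policyKey -Force | Out-Null
        Set-ItemProperty -Path $policyKey -Name 'AutoEnrollMDM'        -Value 1 -Type DWord
        Set-ItemProperty -Path $policyKey -Name 'UseAADCredentialType' -Value 2 -Type DWord  # 2 = User credential
        # Same command the "EnterpriseMgmt" scheduled task runs after the policy lands.
        & "$env:windir\System32\deviceenroller.exe" /c /AutoEnrollMDM
        Write-Host 'Enrollment triggered; check Event Viewer: Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin'
    }
    else {
        Write-Host 'Hybrid joined but not MDM enrolled. Re-run with -Apply, or deploy the auto-enrollment GPO.'
    }
}
elseif ($aadJoined -ne 'YES') {
    Write-Host 'Not Azure AD joined (registered or workgroup): no GPO auto-enrollment path. Use Settings > Accounts > Access work or school, or Autopilot (-ExportHash, then reset to OOBE).'
}

# --- Path 2: Autopilot for an existing device -> export hardware hash CSV --------
function Export-AutopilotHash {
    param([string]$Path)
    $serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
    $hash   = (Get-CimInstance -Namespace 'root/cimv2/mdm/dmmap' -ClassName 'MDM_DevDetail_Ext').DeviceHardwareData
    [pscustomobject]@{
        'Device Serial Number' = $serial
        'Windows Product ID'   = ''      # optional column in the Intune import format
        'Hardware Hash'        = $hash
    } | Export-Csv -Path $Path -NoTypeInformation
    return $Path
}

if ($ExportHash) {
    $csv = Export-AutopilotHash -Path $AutopilotCsv
    Write-Host "Hardware hash written to $csv; import it under Devices > Windows > Windows enrollment > Devices in the Intune admin center, assign a deployment profile, then reset the device to OOBE."
}
```

Two checks worth doing before blaming the script: the MDM user scope (Azure AD > Mobility (MDM and MAM) > Microsoft Intune) must include the user who signs in, or the enrollment client will fail silently with an event in the Admin log above; and for the Autopilot route, assign the deployment profile to a dynamic Azure AD group with the rule `(device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))`, which is the "Autopilot group in AAD" the original question asks about.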