SOLVED

Struggling with Enrolling Win Laptop to Intune

Hi all,

I've been trying to start playing with Intune to get some experience with it. However, I'm struggling with the very first step - enrolling my Win 11 laptop to Intune.

The laptop is a company laptop that is domain joined. There is no Sync between on prem AD and Azure AD. We also have O365 E3 and users were manually created there... so when connecting to O365, I'm using different credentials - not the ones that I use to log in to Windows. I have an Intune license assigned to me.

Now, I have enabled "Automatic Enrollment" in Endpoint Manager to "SOME" for MDM and MAM and selected a "testing group" that I'm the member of. I was expecting that as soon as I connect to any O365 app (outlook/mailbox, teams, for example), my laptop will be enrolled in Intune..... However it is not. I was able to enroll Android phone so should be working....

Doing some research, I've found that I should have an account (under Access work or School) in Windows that is showing I'm connected to AZ AD, but I can see only one showing that I'm connected to on-prem AD. When I try to add another one, for AZ AD, I get a message that "something went wrong and I may already be connected to an organization; or device is already managed by organization". And indeed it is, as I am using that connection for emails, onedrive, etc... and I can see that connection as "work or school account" there as well.

What should I do to see my laptop in Intune?

3 Replies
best response confirmed by MiSum83 (Brass Contributor)
Solution
If you have no Azure AD Connect synchronization from your on-premise Active Directory to Azure and you haven't configured Hybrid Join, then you can't enroll your current Active Directory joined device to Intune.

If you have no requirement of your machine being a member of Active Directory, then you can join a Workgroup and try again :) If you do need Active Directory membership, follow this article. https://docs.microsoft.com/en-us/azure/active-directory/devices/plan-device-deployment#hybrid-azure-...

I see... I thought that might be the issue.... Thanks for confirmation.... I don't want to create a "hybrid" .... in fact, I want to get rid of on-prem AD and use AZ AD only instead... ..So as you advised, I just change to Workgroup and then try to connect via AZ AD... :)

cool... thanks.....

PS: just a quick question - will I lose anything when switching to Workgroup and then AZ AD? I mean, apps, docs and the like which are in my current profile when joined to AD

Your user profile will still be there in your users folder, your account will be admin if you join Azure AD. But it's always a good idea to have a backup in place :thumbs_up:
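
To confirm which join state a laptop is in before and after the change discussed in this thread, the output of `dsregcmd /status` can be parsed as below. This is an added example, not code from any poster in the thread; the function name `Get-JoinState` is hypothetical and the sample output is constructed to match the situation the original poster describes.

```powershell
# Constructed sample of `dsregcmd /status` output (domain joined, work account
# registered, not Azure AD joined). On a real machine use instead:
#   $sample = dsregcmd /status | Out-String
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

           WorkplaceJoined : YES
'@

function Get-JoinState {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Text)
    $state = @{}
    foreach ($line in $Text -split "`r?`n") {
        # Keep only "   Key : Value" lines; box-drawing header lines do not match
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    $aad = $state['AzureAdJoined'] -eq 'YES'
    $ad  = $state['DomainJoined'] -eq 'YES'
    $wpj = $state['WorkplaceJoined'] -eq 'YES'

    if ($aad -and $ad) {
        $summary = 'Hybrid Azure AD joined'
    } elseif ($aad) {
        $summary = 'Azure AD joined'
    } elseif ($ad -and $wpj) {
        $summary = 'On-prem AD joined with a work account registered; not Azure AD joined'
    } elseif ($ad) {
        $summary = 'On-prem AD joined only'
    } elseif ($wpj) {
        $summary = 'Workgroup device with a registered work account'
    } else {
        $summary = 'Workgroup device, not joined or registered'
    }
    [pscustomobject][ordered]@{
        AzureAdJoined = $aad; DomainJoined = $ad; WorkplaceJoined = $wpj; Summary = $summary
    }
}

Get-JoinState -Text $sample | Format-List
```

After leaving the domain and joining Azure AD as the accepted answer suggests, the same check should report `AzureAdJoined` as true and `DomainJoined` as false.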