SOLVED

Update Windows 10 on Azure AD registered devices

%3CLINGO-SUB%20id%3D%22lingo-sub-2593585%22%20slang%3D%22en-US%22%3EUpdate%20Windows%2010%20on%20Azure%20AD%20registered%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2593585%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EI%20have%20computers%20which%20are%20Azure%20AD%20registered.%3C%2FP%3E%3CP%3EI%20would%20like%20to%20use%20Intune%20to%20update%20Windows%2010%20(1909)%2C%20software%20and%20firmware%20using%20Microsoft%20Intune.%3C%2FP%3E%3CP%3EI've%20read%20a%20lot%20of%20article%20from%20Microsoft%20but%20I%20can't%20find%20anything%20that%20can%20precisely%20explain%20how%20to%20proceed.%20All%20that%20i%20find%20is%20a%3C%2FP%3E%3CP%3EIs%20that%20even%20possible%3F%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20help%20and%20feel%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2593585%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2593789%22%20slang%3D%22en-US%22%3ERe%3A%20Update%20Windows%2010%20on%20Azure%20AD%20registered%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2593789%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3EStill%20wanted%20to%20write%20a%20blog%20about%20this%20process%2C%20because%20just%20like%20you%20noticed%20the%20documentation%20is%20somehow%20a%20little%20bit%20missing.%3CBR%20%2F%3EYou%20could%20change%20this%20setting...%20not%20sure%20if%20it%20also%20works%20on%20registered%20devices%20instead%20of%20azure%20ad%20joined%20devices.%20(autoenrollmdm%20reg%20key)%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3EGroup%20Policy%20Management%20Editor%20and%20navigate%20to%20Administrative%20Templates%20%26gt%3B%20Windows%20Components%20%26gt%3B%20MDM%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJust%20like%26nbsp%3B%20I%20am%20mentioning%20in%20a%20blog%20of%20my%20own%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fcall4cloud.nl%2F2020%2F05%2Fintune-auto-mdm-enrollment-for-devices-already-azure-ad-joined%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EWe%20need%20to%20talk%20about%20auto%20MDM%20enrollment%20for%20devices%20already%20Azure%20AD%20joined%20(call4cloud.nl)%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eor%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fuser-help%2Fenroll-windows-10-device%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnroll%20Windows%2010%20device%20in%20Intune%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20of%20course%20please%20make%20sure%20you%20have%20configured%20your%20dns%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2593773%22%20slang%3D%22en-US%22%3ERe%3A%20Update%20Windows%2010%20on%20Azure%20AD%20registered%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2593773%22%20slang%3D%22en-US%22%3EThanks%20Rudy.%20Your%20link%20is%20super%20useful%20and%20more%20comprehensive%20than%20MS%20article.%20%3A)%3C%2Fimg%3E%3CBR%20%2F%3EAs%20my%20devices%20are%20registered%20in%20Azure%20AD%20already%20%2C%20is%20it%20enough%20to%20configure%20the%20MDM%20user%20scope%3F%20The%20computer%20will%20enroll%20automatically%20after%20that%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2593766%22%20slang%3D%22en-US%22%3ERe%3A%20Update%20Windows%2010%20on%20Azure%20AD%20registered%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2593766%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftamilkovan.com%2F2021%2F02%2F13%2Fwindows-10-intune-enrollment-azure-ad-joined-azure-ad-registration%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftamilkovan.com%2F2021%2F02%2F13%2Fwindows-10-intune-enrollment-azure-ad-joined-azure-ad-registration%2F%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2593759%22%20slang%3D%22en-US%22%3ERe%3A%20Update%20Windows%2010%20on%20Azure%20AD%20registered%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2593759%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3EAs%20they%20devices%20are%20not%20enrolled%20into%20intune%20yet.%20That%20would%20be%20the%20first%20step%20to%20manage%20those%20devices.%20If%20you%20take%20a%20look%20at%20the%20picture%20i%20send%20you%2C%20you%20will%20notice%20in%20which%20group%20the%20user%20needs%20to%20be%20to%20azure%20ad%20registered%20and%20enrolled%20into%20intune%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2593756%22%20slang%3D%22en-US%22%3ERe%3A%20Update%20Windows%2010%20on%20Azure%20AD%20registered%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2593756%22%20slang%3D%22en-US%22%3EHi%20Gerald%2C%3CBR%20%2F%3EThanks%20for%20your%20feedback.%3CBR%20%2F%3EDo%20you%20have%20an%20article%20explaining%20this%3F%20Maybe%20I%20missed%20it.%3CBR%20%2F%3EMAM%20would%20no%20be%20useful%20as%20fat%20as%20I%20understand%20(it%20will%20mostly%20manage%20apps%2C%20right%3F).%3CBR%20%2F%3EThanks%20again.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2593754%22%20slang%3D%22en-US%22%3ERe%3A%20Update%20Windows%2010%20on%20Azure%20AD%20registered%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2593754%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F620702%22%20target%3D%22_blank%22%3E%40Rudy_Ooms%3C%2FA%3E%26nbsp%3BHi%20Rudy.%20No%2C%20the%20devices%20are%20not%20enrolled%20yet.%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2593689%22%20slang%3D%22en-US%22%3ERe%3A%20Update%20Windows%2010%20on%20Azure%20AD%20registered%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2593689%22%20slang%3D%22en-US%22%3EYou%20cannot%20manage%20devices%20with%20InTunes%20as%20long%20as%20they%20are%20only%20Azure%20AD%20registered.%3CBR%20%2F%3EThe%20devices%20need%20to%20be%20InTunes%20joined%2Fmanaged%20if%20you%20want%20to%20managed%20them%20over%20InTunes.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2593685%22%20slang%3D%22en-US%22%3ERe%3A%20Update%20Windows%2010%20on%20Azure%20AD%20registered%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2593685%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F377776%22%20target%3D%22_blank%22%3E%40DomAnnicette%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%2C%20just%20to%20have%20some%20background%20info%20are%20the%20devices%20already%20enrolled%20into%20Intune%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Rudy_Ooms_0-1627460145251.png%22%20style%3D%22width%3A%20667px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F298900iC1C86690EAC3E5AA%2Fimage-dimensions%2F667x259%3Fv%3Dv2%22%20width%3D%22667%22%20height%3D%22259%22%20role%3D%22button%22%20title%3D%22Rudy_Ooms_0-1627460145251.png%22%20alt%3D%22Rudy_Ooms_0-1627460145251.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi,

I have computers which are Azure AD registered.

I would like to use Intune to update Windows 10 (1909), software and firmware using Microsoft Intune.

I've read a lot of article from Microsoft but I can't find anything that can precisely explain how to proceed. All that i find is a

Is that even possible? 

Thanks for your help and feel 

 

8 Replies

@DomAnnicette 

 

Hi, just to have some background info are the devices already enrolled into Intune? 

 

Rudy_Ooms_0-1627460145251.png

 

You cannot manage devices with InTunes as long as they are only Azure AD registered.
The devices need to be InTunes joined/managed if you want to managed them over InTunes.

@Rudy_Ooms Hi Rudy. No, the devices are not enrolled yet.

Thanks.

Hi Gerald,
Thanks for your feedback.
Do you have an article explaining this? Maybe I missed it.
MAM would no be useful as fat as I understand (it will mostly manage apps, right?).
Thanks again.
Hi,

As they devices are not enrolled into intune yet. That would be the first step to manage those devices. If you take a look at the picture i send you, you will notice in which group the user needs to be to azure ad registered and enrolled into intune
best response confirmed by DomAnnicette (Occasional Contributor)
Thanks Rudy. Your link is super useful and more comprehensive than MS article. :)
As my devices are registered in Azure AD already , is it enough to configure the MDM user scope? The computer will enroll automatically after that?

Hi,

Still wanted to write a blog about this process, because just like you noticed the documentation is somehow a little bit missing.
You could change this setting... not sure if it also works on registered devices instead of azure ad joined devices. (autoenrollmdm reg key)


Group Policy Management Editor and navigate to Administrative Templates > Windows Components > MDM

 

Just like  I am mentioning in a blog of my own 

 

We need to talk about auto MDM enrollment for devices already Azure AD joined (call4cloud.nl)

 

or

 

Enroll Windows 10 device in Intune | Microsoft Docs

 

And of course please make sure you have configured your dns