Windows 10 automatic enrollment on a new device

Brass Contributor



I have Windows 10 automatic enrollment for new computers that join the Domain. If i have a newly installed device and login to it after a while the join is completed and the device is now in Intune. What i wonder is if there is any way to force the join process with for example powershell without have to go trough the process of going into "Settings > Accounts" to login and registering the device that way with the users account as this process takes a but of time and wait.

3 Replies



Are these computers Hybrid Azure AD Joined (in your local Active Directory and Azure AD)?  If so the following article explains how to use a GPO to enroll existing devices: Enroll a Windows 10 device automatically using Group Policy - Windows Client Management | Microsoft ...


If the devices are not in your local Active Directory, when the device is joined to Azure AD, it will automatically enroll, and is considered a corporate-owned device.

When a user adds a new work or school account, the device is not joined but registered to Azure AD.  The enrollment considers this a personally-owned (BYOD) device.


If either of the second two scenarios are what you need, let me know if a reply.


Reference: Intune enrollment methods for Windows devices - Microsoft Intune | Microsoft Docs


They are Hybrid Azure AD Joined with a GPO and i wonder if there is any faster way to make this happen then just wait or logging in with the users credentials under "accounts". running a gpupdate /force is not helping either.
best response confirmed by michaelsjodin (Brass Contributor)



Aside from the troubleshooting steps in the article, make sure the account signing on to Windows is synchronized to Azure AD and has permissions to auto-enroll devices.  The scheduled task created by the GPO uses that account for authentication.


In my lab, I have had cases where a user did not sign on during the 24 hour period the scheduled task runs for and had to wait until the GPO refreshed and created the task again.  In those cases, a gpupdate /force worked so long as the user had local administrator permissions.


Other than that, you wait.