User Profile
RonFixedIt
Copper Contributor
Joined Jan 17, 2020
User Widgets
Recent Discussions
Re: MDM vs MAM Windows Auto Enrollment
Thank you Rudy. Does it clear it up? Sort of. I noted in your matrix -which is appreciated - that you don't show a 'hybrid join' device. In any case, MSFT in all it's wisdom (cough cough) has once again over complicated what seems to be a simple thing. Just tell us that MAM configured to NONE here is valid when you are NOT intending to use any Windows BYOD devices. Otherwise, you can allow 'ALL' (with no impact to 'Corp' devices in MDM), or "Some" and specify some group of users who actually may want to use their personal Windows devices which can have their apps managed (WIP). I was not confused at all that this setting is for Windows devices only, but I can see where that can happen. Thank you again for your feedback. Caso cerrado (case closed).1.8KViews0likes0CommentsRe: Intune AzureAD auto MDM enrollment blocked by also allowing MAM?
Nope - once again - clear as mud in MSFT documentation. Of course we're now in 2023 and all things are not equal. So, I posted a similar question today on this topic. In fact, I read that MDM takes preference over MAM when same users are assigned (or assigned ALL) if the device is CORPORATE and we have blocked PERSONAL devices under the Enrollment Device Restriction settings. Say what????875Views0likes0CommentsMDM vs MAM Windows Auto Enrollment
Greetings - I have a question on the setting of Windows Automatic Enrollment in Intune. First, understanding that Windows Autopilot REQUIRES that the MDM auto-enroll be set as enabled but should it be "SOME" or "ALL"? Any reason we wouldn't allow "ALL" here for corporate owned Windows PC's? Second, I have seen documentation where the MAM setting is set to "NONE". We do not want any personal/BYOD Windows devices in Intune. However, that is also BLOCKED by the Enrollment Device Platform Restrictions set to "BLOCK" personal devices. I have also read MSFT documentation on WIP and/or App Protection Policies, which seem to indicate that the setting for MAM should be enabled - set to Some or All. In addition, MSFT states that by default, Windows auto-enrollment using MDM would take preference if both settings are targeting the same users. Thanks MSFT - it's as clear as mud in your documentation. Can someone clarify? Again - we do not want personal Windows devices enrolling, and no BYOD MAM scenario for Windows PC's. We DO want to enable App Protection Policies however, so what is the recommended setting for MAM then? Thanks!
Recent Blog Articles
No content to show