Windows 10 1709 mdm enrollment with standard user


As stated in the following doc https://docs.microsoft.com/en-us/windows/client-management/mdm/mobile-device-enrollment?tduid=(6d9cf...

It should be possible to add a Windows 10 device to MDM (Intune) with a standard user. If we try this, we still get the message that we need to be an administrator. Does anyone have the same issue?

3 Replies

Did you find an answer to this question? We are having the same problem in another project.

We sent the request to Microsoft, but until now no answer.

Hello Davy,

Did you get a response to your question? There are several different ways to enroll a Windows 10 device, and only some of them support low-rights users. Can you share details on how you are trying to enroll the device?
From what I understand you can use provisioning packages (Bulk Azure AD Join) to enroll the device. If you apply the package in OOBE you can configure the user that logs in later to be an LRU. To apply the package from your desktop I believe you still need to be an admin. This functionality was added in 1703.
Another way added in 1709 was to do this through DJ++ and GP. If the machine is domain joined and registered in AAD you can use a group policy to enroll the device automatically to an MDM. The user on the machine can be an LRU.

I hope this helps,
Johannes
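
The preconditions named in the last reply (domain joined, registered in AAD, enrollment group policy applied) can be checked from a standard-user session. The script below is an added example and not part of the thread. Its function names are hypothetical, the sample `dsregcmd /status` lines are constructed, and the registry value is the one the "Enable automatic MDM enrollment" policy is understood to write, which the thread itself does not state.

```powershell
# Added example (not from the thread): report whether a device meets the
# preconditions for group-policy-driven MDM auto-enrollment.

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    # dsregcmd /status prints "Name : Value" pairs; banner lines do not match.
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    return $state
}

function Test-MdmAutoEnrollReadiness {
    param([hashtable]$State, [object]$AutoEnrollPolicy)
    $domain = $State['DomainJoined'] -eq 'YES'
    $aad    = $State['AzureAdJoined'] -eq 'YES'
    $policy = $AutoEnrollPolicy -eq 1        # $null (value absent) compares false
    [pscustomobject]@{
        DomainJoined  = $domain
        AzureAdJoined = $aad
        PolicyApplied = $policy
        Ready         = $domain -and $aad -and $policy
    }
}

# Constructed sample: domain joined but not yet registered in Azure AD.
$sample = @(
    '|  Device State  |',
    '        AzureAdJoined : NO',
    '         DomainJoined : YES'
)
Test-MdmAutoEnrollReadiness -State (ConvertFrom-DsregStatus $sample) -AutoEnrollPolicy 1

# Live check; reading these values does not require elevation.
if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    # Assumption: policy location, not taken from the thread.
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
    $value = (Get-ItemProperty -Path $key -Name AutoEnrollMDM -ErrorAction SilentlyContinue).AutoEnrollMDM
    $live  = ConvertFrom-DsregStatus (dsregcmd.exe /status)
    Test-MdmAutoEnrollReadiness -State $live -AutoEnrollPolicy $value
}
```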