In this post we continue our step-by-step series on Microsoft Endpoint Manager and Microsoft Intune.
We’ve covered basic configuration of Intune, user account creation and synchronization so we’re ready to enroll our Windows 10 devices into Intune. We already configured automated MDM enrollment in Intune which means users can enroll their devices and every computer joined to Azure Active Directory (or Azure AD registered for Bring Your Own Device scenario) and it will be automatically enrolled into Intune.
There are a lot of ways to enroll a Windows 10 computer. Let me provide an overview of all of them first.
Device Enrollment Manager is an account with extended permissions allowing bulk enrollment and management up to 1000 corporate-owned devices. This account should be used for enrolling non-personal corporate devices in Intune before giving computers to end users. Intune supports up to 150 Device Enrollment Manager (DEM) accounts.
Co-management scenario enables MECM clients to be managed by both management systems – Configuration Manager and Intune at the same time. During co-management configuration in MECM you can choose which clients you want to enroll into Intune – all, none or specific collection as a pilot group.
Windows Autopilot is a cloud service helping you to pre-provision new devices with a freshly installed operating system. Autopilot enables you, during OOBE, to join a computer in Azure AD, auto-enroll a device into Intune, and apply required configuration policies, settings and applications from Intune.
Hybrid Azure AD join scenario enables on-premise AD joined computers to join Azure AD as well. Then you can manage your corporate devices not only by group policies, but also by Intune configuration profiles.
These methods require a lot of configurations and will be described in the next articles. Let me explain in detail other methods that are simpler.
You can join your computer in Azure AD during the setup process. First, you need to provide your corporate credentials and click Next:
Provide your password and click Next:
Change the privacy settings if needed and click Accept:
Now you can logon with your work account:
By default, if it is not disabled, you will need to configure Windows Hello:
You can configure a PIN or skip it and finish it later.
Go to Windows Settings:
Then go to Home – Accounts – Access work or school:
We successfully joined our Windows 10 into Azure AD. Also, you can open Azure AD console, go to Devices and find our computer enrolled into Intune:
In the next article I will show how to manually enroll a device if the operating system is already installed.
