Microsoft Endpoint Manager – Windows 10 Enrollment Methods Overview

In this post we continue our step-by-step series on Microsoft Endpoint Manager and Microsoft Intune.

We’ve covered basic configuration of Intune, user account creation and synchronization so we’re ready to enroll our Windows 10 devices into Intune. We already configured automated MDM enrollment in Intune which means users can enroll their devices and every computer joined to Azure Active Directory (or Azure AD registered for Bring Your Own Device scenario) and it will be automatically enrolled into Intune.

There are a lot of ways to enroll a Windows 10 computer. Let me provide an overview of all of them first.

Device Enrollment Manager is an account with extended permissions allowing bulk enrollment and management up to 1000 corporate-owned devices. This account should be used for enrolling non-personal corporate devices in Intune before giving computers to end users. Intune supports up to 150 Device Enrollment Manager (DEM) accounts.

Co-management scenario enables MECM clients to be managed by both management systems – Configuration Manager and Intune at the same time. During co-management configuration in MECM you can choose which clients you want to enroll into Intune – all, none or specific collection as a pilot group.

Windows Autopilot is a cloud service helping you to pre-provision new devices with a freshly installed operating system. Autopilot enables you, during OOBE, to join a computer in Azure AD, auto-enroll a device into Intune, and apply required configuration policies, settings and applications from Intune.

Hybrid Azure AD join scenario enables on-premise AD joined computers to join Azure AD as well. Then you can manage your corporate devices not only by group policies, but also by Intune configuration profiles.

These methods require a lot of configurations and will be described in the next articles. Let me explain in detail other methods that are simpler.

You can join your computer in Azure AD during the setup process. First, you need to provide your corporate credentials and click Next:

Provide your password and click Next:

Change the privacy settings if needed and click Accept:

Now you can logon with your work account:

By default, if it is not disabled, you will need to configure Windows Hello:

You can configure a PIN or skip it and finish it later.

Go to Windows Settings:

Then go to HomeAccountsAccess work or school:

We successfully joined our Windows 10 into Azure AD. Also, you can open Azure AD console, go to Devices and find our computer enrolled into Intune:

In the next article I will show how to manually enroll a device if the operating system is already installed.



Contact Us

On Key

More Posts

WME Cybersecurity Briefings No. 005
Cyber Security

WME Security Briefing 15 April 2024

E-Commerce Security Alert: Unveiling Magecart’s Persistent Backdoor Overview Malicious activities by Magecart attackers have been reported. They are targeting Shopify’s content delivery network (CDN) by creating fake Shopify stores. The backdoor method has enabled them to

Read More »
WME Cybersecurity Briefings No. 004
Cyber Security

WME Security Briefing 11 April 2024

Mispadu Trojan Exploits Windows Vulnerability to Target Financial Data Overview The Mispadu banking trojan has intensified its operations as it’s exploiting an already patched Windows SmartScreen flaw. Since its initial identification in 2019, Mispadu has primarily preyed on

Read More »
WME Cybersecurity Briefings No. 003
Cyber Security

WME Security Briefing 29 March 2024

Russian hackers escalating their cyber warfare, deploying TinyTurla-NG to breach European NGOs. Cisco Talos reveals a targeted attack against organizations advocating democracy and supporting Ukraine. With their sophisticated methods, these cyber attackers are bypassing antivirus defenses

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.