How to Configure Automatic Intune MDM Enrollment in New Azure Portal

In the new Azure portal, the MDM options are more streamlined and structured. All of the MDM integrations are done from the same place, even if you want to integrate with AirWatch or MobileIron!

You must have already seen the new Azure portal; if you have not, there is a video post on it. The old classic Azure portal has an option to set up automatic Intune MDM enrollment for Windows 10 devices, and the new Azure portal has the same option under new names and a new look. This option does two things. First, whenever a Windows 10 device is joined to Azure AD, that device is automatically enrolled in Intune. Second, the users allowed by the MDM user scope group can enroll devices into Intune. The blade shown below is where you set the MDM enrollment configuration in the new Azure portal. When your MDM user scope is set to None, Azure AD Join does not trigger enrollment, so those devices never receive their Intune policies and won't work as expected. More details are in the video.

The simplest option is to set the MDM user scope to All so that every user in your organization can enroll devices into Intune; Windows 10 devices are then enrolled automatically when the user performs Azure AD Join. Enrollment can also be restricted by user group. When you want to give only a specific group of users the ability to enroll their devices into MDM/Intune, select Some in the MDM user scope and pick the user group that should have access.

From the same blade you can take a granular, phased approach to moving users to the new MDM management. The blade also has three URL fields, which you configure for your MDM vendor; if your devices are managed by AirWatch or MobileIron, enter those vendors' URLs here. For Intune MDM, all three URLs are populated automatically in the new Azure portal. The three URLs are:

1. MDM Terms of use URL – The URL of the terms of use endpoint of the MDM service

https://portal.manage.microsoft.com/TermsofUse.aspx

2. MDM Discovery URL – This is the URL of the enrollment endpoint of the MDM service. The enrollment endpoint is used to enroll devices for management with the MDM service. The URL given below is the Intune enrollment endpoint URL.

https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc

3. MDM Compliance URL – The URL of the compliance endpoint of the MDM service. When a user is denied access to a resource from a non-compliant device, they are directed to this URL, hosted by the Intune service, to learn why their device is considered non-compliant. From there the user can also start self-service remediation so that the device becomes compliant and they can continue to access resources.

https://portal.manage.microsoft.com/?portalAction

So where is the option in the new Azure portal to configure the MDM auto-enrollment setting for Windows 10 devices and MDM enrollment for the rest of the devices (Android, iOS and macOS)? You configure the Intune MDM enrollment options under Microsoft Azure – Mobility (MDM and MAM).
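Once the MDM user scope and URLs are set, the quickest way to confirm that an Azure AD joined Windows 10 device actually picked up the Intune enrollment is on the device itself. The following PowerShell is an added example (not from the original post): it parses the output of `dsregcmd /status`, checks that the device is Azure AD joined, that an MDM URL was handed out (an empty MdmUrl usually means the signed-in user fell outside the MDM user scope), and that the Terms of Use and Discovery URLs match the Intune values listed above. It also lists the enrollment entries under `HKLM:\SOFTWARE\Microsoft\Enrollments`; the `ProviderID` value `MS DM Server` being the Intune enrollment is an assumption based on typical devices, as is the constructed sample `dsregcmd` output used so the parser can be exercised offline.

```powershell
# Added example, not part of the original post.
# Expected values taken from the Intune URLs listed above (compliance URL omitted
# because the post only shows it truncated).
$ExpectedMdm = @{
    MdmUrl    = 'https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc'
    MdmTouUrl = 'https://portal.manage.microsoft.com/TermsofUse.aspx'
}

function ConvertFrom-DsregStatus {
    # Turn the "Key : Value" lines of dsregcmd /status into a hashtable.
    # The key is letters only, so the first ':' is the separator even when the
    # value is a URL containing further colons.
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-IntuneAutoEnrollment {
    # Returns a list of findings; an empty list means the device looks correctly enrolled.
    param([hashtable]$State, [hashtable]$Expected)
    $findings = New-Object System.Collections.Generic.List[string]

    if ($State['AzureAdJoined'] -ne 'YES') {
        $findings.Add('Device is not Azure AD joined; automatic MDM enrollment only triggers on Azure AD Join.')
    }
    if ([string]::IsNullOrWhiteSpace($State['MdmUrl'])) {
        $findings.Add('No MdmUrl was issued: the user is probably outside the MDM user scope (None, or not in the Some group).')
    }
    foreach ($key in $Expected.Keys) {
        if ($State[$key] -and $State[$key] -ne $Expected[$key]) {
            $findings.Add("$key is '$($State[$key])' but the Intune value is '$($Expected[$key])'.")
        }
    }
    return $findings
}

function Get-MdmEnrollments {
    # Each enrollment is a GUID-named subkey. EnrollmentState 1 and
    # ProviderID 'MS DM Server' are the values normally seen for Intune (assumption).
    Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^[0-9a-fA-F-]{36}$' } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                EnrollmentId    = $_.PSChildName
                ProviderID      = $p.ProviderID
                EnrollmentState = $p.EnrollmentState
                EnrollmentType  = $p.EnrollmentType
            }
        }
}

# --- Offline run against a constructed dsregcmd /status excerpt (sample data, not captured) ---
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
                 MdmTouUrl : https://portal.manage.microsoft.com/TermsofUse.aspx
'@ -split "`r?`n"

$sampleFindings = Test-IntuneAutoEnrollment -State (ConvertFrom-DsregStatus $sample) -Expected $ExpectedMdm
"Sample findings: $($sampleFindings.Count)"   # 0 for the constructed sample above

# --- Live run on the current device (requires Windows 10 with dsregcmd.exe) ---
if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    $live = & dsregcmd.exe /status
    $liveFindings = Test-IntuneAutoEnrollment -State (ConvertFrom-DsregStatus $live) -Expected $ExpectedMdm
    if ($liveFindings.Count -eq 0) { 'Device is Azure AD joined with the Intune MDM URLs.' } else { $liveFindings }
    Get-MdmEnrollments | Where-Object { $_.ProviderID -eq 'MS DM Server' } | Format-Table -AutoSize
}
```

Run it in an elevated PowerShell session on the enrolled device. A device that reports `AzureAdJoined : YES` but no `MdmUrl` is the classic symptom of the MDM user scope being None, or of the joining user not being a member of the group selected under Some; fixing the scope and re-joining (or waiting for the device to retry) is the remedy, not anything on the device side.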

Reference Link:

Windows 10, Azure AD and Microsoft Intune: Automatic MDM enrollment powered by the cloud!

2 COMMENTS

  1. Hello Anoop, great article!
    When integrating a third-party vendor like MobileIron with Azure, is it also possible to use Conditional Access policies in Azure with devices that are managed by that third-party MDM vendor? Or what is the benefit of that integration?
    Thank you!

    Mike

    • Hey Mike – This was not possible one year back. Azure AD APIs were not publicly available to support 3rd party MDM solutions. But not sure whether it's supported now or not.
