Let’s discuss Intune Supported Enrollment Methods for Windows, iOS, Android, MacOS, Linux, and ChromeOS devices. Intune supported enrollment method is the 3rd part of Intune Design Decision.
The Intune Design Decisions training comprises a collection of 13 videos that are all conveniently bundled within the Intune Design Decisions Free Training Version 1 Starter Kit Basic post. If you like to explore these videos and delve deeper into the topic, click the provided hyperlink to access the comprehensive training package.
Intune offers a range of options for device enrollment in Intune for different device platforms such as Windows, iOS, iPad OS, Mac OS, Linux, Chrome, Android, etc. In this post, we will delve into the concepts of user-driven versus IT-driven enrollments and automatic enrollments. We will explore the various options available for your organization and discuss the supported enrollment methods.
By understanding these distinctions, you can make informed decisions regarding the best enrollment approach to adopt within your organization. This article aims to provide valuable insights and guidance on choosing the most suitable enrollment methods to manage and secure your devices in the Intune environment effectively. In the Enrollment methods, we will chat on autopilot, Zero Touch, ABM, etc.
- List of Supported Intune Application Types
- Intune Integration Scenarios 1st 2nd 3rd Party Integration Experiences
What are the Different Enrollment Options?
Different enrollment options include Autopilot, Zero Touch, Company portal, Hybrid Azure AD/Azure AD join, ABM, and co-management. The most popular Intune enrollment option is Autopilot because most corporate devices are Windows devices, and most are moving into modern management.
What is Device Enrollment in Intune?
Device Enrollment is the process of getting the devices into Intune management.
In this post, you will see Personal Vs. Corporate Devices and you will also see the User Driven Vs.—IT Driven scenarios.
Intune Supported Enrollment Methods Windows iOS Android MacOS Linux ChromeOS – Video
The Intune Design Decision video comprehensively covers various design decisions, specifically on the Intune parameter. Throughout the video, you will gain valuable insights into various considerations and choices related to designing and configuring Intune for optimal device management and security.
Windows User-Driven Enrollment Options
In the Windows User Driven Enrollment Options, we are talking about the Windows platform. The Windows user-driven enrollment options are Autopilot, Install company portal, MDM-only enrollment, and Azure AD join. The below table shows the User-driven enrollment options.
If your organization is fine with user-driven enrollments or sales self-service enrollments to empower the users, then you can look into these 4 enrollment options in Intune.
| Device Platform | Enrollment Options | User Driven | User Interaction | IT Driven |
|---|---|---|---|---|
| Windows | Autopilot | Yes | Yes | No |
| Windows | Install company portal | Yes | Yes | No |
| Windows | MDM-only enrollment | Yes | Yes | No |
| Windows | Azure AD join | Yes | Yes | No |
Windows IT Admin-Driven Enrollment Options
The Windows IT Admin-driven enrollment options such as Hybrid Azure AD Join – GPO Settings, SCCM Co-Management Options, Device Enrollment Manager (DEM), Bulk Enroll using WCD, Enrolling Windows IoT Core devices with WCD and USB. The below table shows the Windows IT Admin-Driven Enrollment Options.
| Device Platform | Enrollment Options | User-Driven | User Interaction | IT Driven |
|---|---|---|---|---|
| Windows | Hybrid Azure AD Join – GPO Settings, | No | No | Yes |
| Windows | SCCM Co-Management Options | No | No | Yes |
| Windows | Device Enrollment Manager (DEM) | No | No | Yes |
| Windows | Bulk Enroll using WCD | No | No | Yes |
| Windows | Enrolling Windows IoT Core devices with WCD and USB | No | No | Yes |
Supported Windows Intune Enrollment Methods
Let’s see User-driven and IT–driven enrollment methods. The below list shows all the supported enrollment methods for the Windows platform. This includes different supported scenarios, such as whether Reset of Windows Devices is required or not, whether User Affinity will be there or not if you use a particular Windows Enrollment method, MDM Profile Removable option would be available for Windows Enrollment methods.
The Windows Intune Enrollment method includes the following.
- Bring-your-own-device (BYOD)
- Device enrollment manager
- Automatic enrollment via MDM
- Automatic enrollment via Group Policy
- Windows Autopilot
- Bulk enrollment
- Co-management with Microsoft Intune and Configuration Manager
| Method | Reset Required | User Affinity | MDM Profile Removable |
|---|---|---|---|
| Bring-your-own-device (BYOD) | No | Yes | Yes |
| Device enrollment manager | No | No | Yes |
| Automatic enrollment via MDM | No | Yes | Yes |
| Automatic enrollment via Group Policy | No | Yes | Yes |
| Windows Autopilot | Yes | Yes | Yes |
| Bulk enrollment | No | No | Yes |
| Co-management with Microsoft Intune and Configuration Manager | No | Yes | Yes |
Supported iOS/iPadOS Intune Enrollment Methods
Let’s check the Supported iOS/iPadOS Intune Enrollment Methods. Bring-your-own-device (BYOD) is a very popular option in iOS. Setup Assistant enrollment via USB is another important method.
- Bring-your-own-device (BYOD)
- Device enrollment manager
- Apple Automated Device Enrollment
- Setup Assistant enrollment via USB
- Direct enrollment via USB
| Method | Reset Required | Use Affinity | MDM Profile Removable |
|---|---|---|---|
| Bring-your-own-device (BYOD) | No | Yes | Yes |
| Device enrollment manager | No | No | Yes |
| Apple Automated Device Enrollment | Yes | Optional | Optional |
| Setup Assistant enrollment via USB | Yes | Optional | Yes |
| Direct enrollment via USB | No | No | Yes |
Advantages of using iOS/iPadOS – Automatic Enrollment using ABM and ASM
Let’s discuss the Advantages of using iOS/iPadOS – Automatic Enrollment using Apple Business Manager (ABM) Enrollment and Apple School Manager (ASM) Enrollment. Before deciding on personal and corporate types of devices, you want to know the differences between personally managed devices and corporate devices or supervised mode vs. personal mode.
The below window will help you with this and provide the correct details.
Shared iPadOS/iOS device Intune Enrollment Methods
Another important design decision you want to make is with shared iOS and iPad OS devices and their enrollment. The screenshot below gives you many details about the shared iPad shared device mode and different scenarios. The Shared iPadOS/iOS device Intune Enrollment methods such as supported device types, minimum device requirements, etc.
The Temporary session without signing in is not applicable in Shared Device Mode. Shared iPad shows that the “Temporary sessions that do not require a managed Apple ID or password are allowed by default. Temporary sessions can be allowed or blocked by Intune policy.”
Intune Supported macOS Intune Enrollment Methods
Let’s get into Intune Supported macOS Intune Enrollment methods. Intune Supported macOS Intune Enrollment methods such as Bring-your-own-device (BYOD), Device enrollment manager, and Apple Automated Device Enrollment. The theme of the enrollment method is similar to iOS and iPad OS. Personal enrollment is supported.
| Method | Reset required | User Affinity | MDM Profile Removable |
|---|---|---|---|
| Bring-your-own-device (BYOD) | No | Yes | Yes |
| Device enrollment manager | No | No | Yes |
| Apple Automated Device Enrollment | Yes | Optional | Optional |
Intune Enrollment Android Devices with Different Management Options
Android devises Intune enrollment options are a bit more complex because they have different scenarios. The management of Android devices is also more complex, and the enrollment options are wider.
The Android Enterprise includes the options such as Android Enterprise personally owned with a work profile, Android Enterprise dedicated CYO, Android Enterprise fully managed CYO, and Android Enterprise corporate-owned with a work profile BYO/CYO.
Android device administrator – Android Enterprise or Google Mobile Services (GMS) is unavailable. Android device administrator includes Samsung Knox Standard devices and Zebra devices.
Android Intune Enrollment
These are the actual enrollment options for Android devices. Intune enrollment options for Android devices. You can use a QR code to enroll Android devices in Intune. The Android Intune Enrollment includes the following.
- QR code
- Device enrollment manager (DEM) with Company Portal
- User-initiated with Company Portal
- Near-field communication (NFC)
- Token entry
- Google zero-touch enrollment
Linux Intune Enrollment
Linux Intune Enrollment is the manual user enrollment method that is the only supported method by installing Intune app, which is similar to Intune company portal app. So Intune app installation will get supported Linux devices into Intune enrollment. The table below shows the options, such as the feature and the use of this enrollment option.
ChromeOS Intune Enrollment Options
The Chrome OS device management is done from the google workspace admin side of things. The devices are managed from that front, but Intune portal can get all the details of those devices and initiate remote actions on those Chrome OS devices.
Step 5 – Enroll devices in Microsoft Intune | Microsoft Learn
Author
About Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.