Let’s learn how to create enrollment notifications in Intune MEM Admin portal. Set up enrollment notifications in Microsoft Intune to notify users of newly enrolled devices.
Starting with Intune Service release 2209, IT admins can create a custom message and include information in the notification about how to report an unrecognized device. Intune delivers enrollment notifications via email or push notifications.
With the addition of enrollment notifications on Windows, Android or Apple devices, an administrator can send a customized email notification to an end user’s email account upon a new enrollment. They can also send a push notification that will appear in an enrolled Android or iOS/iPadOS Company Portal app.
End users will then be asked to verify the enrollment and, if suspicious, it can be reported from the notification. The Enrollment Notifications improve security by notifying users if someone enrolls a device with their credentials.
This feature for Set up enrollment notifications is in public preview. You can test and use these features in your environments and provide feedback. Enrollment notifications work on devices running Android, iOS/iPadOS, macOS and Windows 10/11.
- Use ServiceUI with Intune to Bring SYSTEM Process to Interactive Mode
- Intune Win32 App Deployment Toast Notification | User Experience
Configure Device Enrollment Notifications in Intune
The following steps provide you with details on how to create enrollment notifications in the Intune MEM portal. To create an enrollment notification, you must be a Global Administrator or Intune Administrator.
- Sign in to the Microsoft Endpoint Manager admin center https://endpoint.microsoft.com/
- Navigate to Devices > Enroll device to select the platform you want to create enrollment notifications for.
Under Enroll devices, you can select the options for Windows enrollment, Apple enrollment, or Android enrollment. Here I am selecting Windows enrollment and Select Enrollment notifications (preview).
Click on +Create notifications. In Basics, configure Name: Enter a descriptive name for the notification. Name your notifications so you can easily identify them later. Description: Enter a description for the notification.
Note – Enrollment notifications only work with user-driven enrollment methods.
In Notification settings, configure the notification messages. The options for push notifications are:
- Send Push Notification: Flip the switch On to enable and create a push notification.
- Subject: Enter the subject of the enrollment notification.
- Message: Enter your message, explaining the purpose of the notification. The character limit is 2000.
Email notification – Please enter Subject, Message. The options for email notifications are:
- Send Email Notification: Flip the switch On to enable and create an email notification.
- Subject: Enter the subject of the enrollment notification.
- Message: Enter your message. The character limit is 2000.
- Raw HTML editor: Flip the switch On to enable HTML formatting.
It should also be noted that email notifications will allow administrators to have some control over customization, with the ability to add HTML and branding so the notification doesn’t look suspicious to end users. The push notifications will only have a subject and message to configure.
You can apply your tenant’s branding and customization settings to email notifications. The options for branding and customization are:
- Show company logo: Flip the switch On to make your organization’s logo visible in the email header. This option becomes available after you’ve configured Company Portal branding in your tenant.
- Show device details: Flip the switch On to make the following device details visible in the footer of the email:
- Device name
- Model
- OS
- OS version
- Serial number
- Show company name: Flip the switch On to make your organization’s name visible in the footer of the email. The tenant value is automatically populated.
- Show contact information: Flip the switch On to show your organization’s contact information. The tenant value is automatically populated.
- Show Company portal website link: Flip the switch On to show a link to the Company Portal website. The tenant value is automatically populated.
Let’s understand how Intune Company Portal Branding Customization works. These settings will apply to the Company Portal apps, Company Portal website, and Intune app on Android.
Scope tags are filtering options provided in Intune to ease the admin jobs. In the scope tag section, you will get an option to configure scope tags for the application. Click on Next.
Under Assignments, In Included groups, click Add groups and then choose Select groups to include one or more groups. Click Next to continue.
In Review + create, review the notification details, and then select Create.
Enrollment notifications are sent out to assigned groups when enrollment is triggered. Return to Enrollment notifications (preview) to view and edit notifications, or change priority level.
Here’s what an enrollment notification looks like to a device user. You can customize the text and details based on your requirement later. You will receive an email from [email protected].
hi Jitesh,
I’m testing this since last week, and for now i’m mitiged.
most of the time, a wronf device name is sent, i’m using it with hybrid join, my device name is APXXXXXXXX, and the name in email is DESKTOP-XXXXX.
also, some of the time, the only information in email is device name, not the rest.
Could i’ve done something wrong ?
It is not working on DEP devices ,Android – COPE and fully managed devices
Is there a way to also notify admins of the enrolment or only the users?
Tested with a spare iPhone and worked as expected.
Ppic, this is because the device name is not set until the user is logged in.