Windows 10 Azure AD Join Automatic Intune Enrollment using Microsoft Endpoint Manager Intune | Azure AD? In this post, I will provide you with the experience of Windows 10 1703 (RS2) Azure AD join and automatic MDM (Intune) enrollment.
As you see in the above video tutorial, the real-time experience of Windows 10 1703 Azure AD join and Intune auto-enrollment.
Latest Posts – Windows 10 Intune Enrollment Manual Process AAD Registration (anoopcnair.com) & Intune Company Portal Setup for Personal Windows 10 Device Intune Enrollment Options
Windows 10 1703 is the latest version of the Windows 10 production build. This is also called as Red Stone 2(RS2) release. The Windows team has done great work to improve the Out Of Box Experience(OOBE) of Windows 10 1703. I have a previous post that explains the in-depth process of AADJ and MDM auto-enrollment, “How to Join Windows 10 1607 Machines to Domain or Azure AD“.
Sign in with Microsoft School or Work account is the first screen you will get in the Windows 10 1703 Azure AD join OOBE. There is also a note on the same screen that helps users select the account they want to use “Sign in with the username and password you use with Office 365 or business services from Microsoft”.
Yes, this is a generic kind of message. I think it would be more helpful if Microsoft could explain to the user to use their corporate account rather than using technical terms like office 365 and Business services from Microsoft.
Windows 10 Azure AD Join Automatic Intune Enrollment using Microsoft Endpoint Manager Intune | Azure AD?
Windows 10 1703 OOBE screen will give the user an option to choose a traditional domain join option. This will also allow the user to create a local user account and log in with that account. The Windows 10 1703 OOBE experience is improved a lot. Windows 10 Azure AD Join Automatic Intune Enrollment using Microsoft Endpoint Manager Intune | Azure AD?
It will ask to connect to a Wi-Fi network, and it allows the user to connect to web-based authenticated Wi-Fi routers (Not all? Need to test this further). Once connected to the internet, it will check for the latest software updates available and install it.
Windows 10 Azure AD Join Experience?
Windows 10 1703 Azure AD join is an almost fully automated process once users enter their user name and password in the OOBE mentioned above screen. The user input is required on one particular screen, which is the screen for privacy settings.
Once the user is done with Windows 10 1703 privacy settings, the device will get automatically logged with the user name and password. Is it a new SSO for Windows 10 1703 Azure AD join? You can confirm the AAD Join from the Settings – Accounts section in Windows 10 1703.
Windows 10 MDM Intune Auto Enrollment Experience
Once the Windows device is Azure AD joined, it should automatically get enrolled in Intune management. You should have enabled the MDM auto-enrollment option in your Azure AD to get this experience. In my experience with Windows 10 1703, I got the encryption policy popup from Intune compliance policy within a few minutes of the first login to the device.
The user can also check the Intune enrollment from School or Work Account section in Windows 10 settings menu. There is a change in the GUI of the Windows 10 MDM stack with respect to School or Work account settings. There is no manage tab in the Windows 10 work account added to the device. Don’t worry about that because that is a new design for Windows 10 1703. Windows 10 work/school account setting has only two tabs: Info and Disconnect.
How do you manually sync or check for the new Intune policies in Windows 10 1703 device? The option is to click on Settings – Accounts – Access Work or School Account – Info – Sync. This will initiate an immediate policy sync with Intune services in the cloud. And intern, the user’s Windows 10 device will receive the latest policies from Intune.
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…