I’ve explained the manual process of Windows 10 Intune enrollment for BYOD scenario. In the post, you will how to manually join Windows 10 1809 device to Azure AD. Yes, you can perform Windows 10 Azure AD join manually.
Helpful Post – Learn Intune Device Management (Intune Starter Kit)
NOTE! – Manual Intune enrollment process is explained in my previous post https://www.anoopcnair.com/windows-10-intune-enrollment-manual-process/
Prerequisite Checks – Before Windows 10 Azure AD Join
The following is the recommendation which you should look into before trying to Windows 10 Azure AD Join and enroll into Intune. Windows 10 Azure AD join scenario is used mostly for CYOD scenarios.
- Intune, Azure AD subscription, setup, and configuration should be completed
- EMS or M365 or Any other relevant license should be assigned to the corporate ID which you are going to use for Windows 10 Intune enrollment
- The user might need administrator access to enroll the Windows 10 device into Intune
- Register the CNAME if you are using a custom domain (not required if you are using .ONMICROSOFT.com ID as I showed in this post and video)
How to Join Azure AD from Windows 10 Device
In this section, you are going to see how to Join Window 10 device to Azure AD. In this video guide, you will see how to perform Windows 10 Azure AD join and Intune enrollment.
Check out the following link if you are wondering what is the difference between Azure AD Registration & Azure AD join.
The following steps will help you to complete the Azure AD join. The following steps are the manual process to add Windows 10 1809 devices into Azure AD.
- Login to Windows 10 with an Administrator account
- Go to Start and click Start Menu -> Settings
- Select Accounts > Access work or school
- Click on Join this Device to Azure Active Directory link from Alternate Actions
- Enter Corporate Email ID and Password
- Click on Next to start the Azure AD registration process
- Click on JOIN button from the popup Windows Make sure this is your organization.
- Click on DONE button to Finish Windows 10 Azure AD Join process
How to Enroll Windows 10 Devices Automatically into Intune?
You can manually enroll Windows 10 devices into Intune using the method which I explained in my previous blog post here.
I have explained the Windows 10 automatic Intune enrollment process in this video tutorial. So the Automatic Intune enrollment process should be done from the Azure portal. I have a more detailed process in the previous post here.
NOTE! – You might need to have global admin/appropriate access to set this Intune auto-enrollment up from Azure portal.
- Login to Azure portal
- Go to Azure AD Blade
- Select the Mobility (MDM and MAM)
- On the Applications blade, you would be able to see Microsoft Intune. Click on Microsoft Intune
- Select the any of the 3 three (Windows 10 Auto Enrollment) options from the configurations blade
- None – Default – If this option is selected, then Windows 10 Intune Auto Enrollment is DISABLED
- Some – If this option is selected, then Windows 10 Intune Auto Enrollment is allowed only for a group of Azure AD users
- All – If this option is selected, then Windows 10 Intune Auto Enrollment is allowed for All Azure AD users in your tenant
- Click on Save button to complete the process
NOTE! – You can also use Group Policy (Auto MDM Enrollment with AAD Token) to enroll Windows 10 1709 or later Windows 10 Devices to Microsoft Intune.
Video – Windows 10 Intune Manual Enrollment Process
I have explained the manual Intune enrollment process in my previous blog post here. I have some the same in the below video.
Results – Windows 10 Azure AD Join and Intune Enrollment
You can check the status of your Windows 10 Azure AD join and Intune Manual enrollment from two places.
The First place to look at the results is the Windows 10 Settings page.
Settings>Accounts > Access work or school. Check whether you can see the Azure AD Joined Windows 10 Device and It’s also Intune Enrolled. Following are the two connections I could see.
- Connected to Default Directory MDM (Intune Enrolled)
- Connected to Default Directory’s Azure AD (Windows 10 Azure AD Joined)
Second place to look at the results of Windows 10 Azure AD Join is from Azure AD portal – Users or Devices pane or Intune blade.
Check whether you (as admin) can see whether the device is Azure AD Joined and MDM enrollment (Intune managed).