How to Configure Automatic Intune MDM Enrollment from Azure Portal

You must have already seen the new Azure portal and if you have not seen it here is video post. There is an option in old classic Azure portal to setup Automatic Intune MDM enrollment for Windows 10 devices. Similar option is available in new Azure portal with new names and new look. More details about Windows 10 Intune Auto Enrollment Process is explained in this post.

Introduction

The Intune Auto Enrollment option will help you to perform two (2) things.

• First, whenever a Windows 10 device is joined to Azure AD, then the device will automatically get enrolled into Intune for MDM Management.
• Second, the allowed users in MDM user scope group can enroll devices in to Intune.

More Details about Intune Auto enrollment using Group Policy is explained in the following document here. And the Quick Start guide for Windows auto enrollment document here.

NOTE! – For Windows 10 BYOD devices, the MAM user scope takes precedence if both MAM user scope and MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will use Windows Information Protection (WIP) Policies (if you configured them) rather than being MDM enrolled.

Windows 10 Intune Auto Enrollment Process

Following is the place where you can set MDM enrollment configuration in new Azure portal. When your MDM User scope is set to None then none of the enrolled devices get the proper policies and those devices won’t work as expected. More details in the video here.

The simplest option is to specify “all users” in the MDM user scope so that all the users in your organization can enroll their devices into Intune. Windows 10 devices will be automatically enrolled to Intune when the users perform Azure AD Join.

This option can be managed by user groups. When you want to provide a specific group of users an ability to enroll their devices into MDM/Intune, this is the place to configure that user group. Click on SOME option in the MDM User scope and select the user group you want to provide access.

From the same place, you can perform a granular or phase wise approach to move users to new MDM management. There are 3 URL options in this blade, you can configure these URLs as per your MDM vendor.

Video Windows 10 Intune Auto Enrollment Process

Windows 10 Airwatch Mobileiron Auto Enrollment Process?

In case your devices are managed by Airwatch or Mobileiron then you can specify those URLs. All the URLs are automatically configured in the new Azure portal for Intune MDM. There are 3 different URLs in this blade.

1. MDM Terms of use URL – The URL of the terms of use endpoint of the MDM service

https://portal.manage.microsoft.com/TermsofUse.aspx

2. MDM Discovery URL – This is the URL of the enrollment endpoint of the MDM service. The enrollment endpoint is used to enroll devices for management with the MDM service. The URL given below is the Intune enrollment endpoint URL.

https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc

3. MDM Compliance URL – This is the URL of the compliance endpoint of the MDM service. When a user is denied access to a resource from non-compliance device.URL can navigate to this URL hosted by Intune service in order to understand why their device is considered non compliant. Users can also initiate self service remediation so their device become compliant and they can continue to access resources.

https://portal.manage.microsoft.com/?portalAction

So where is the option in new Azure portal to configure MDM auto enrollment setting for Windows 10 devices and MDM enrollment for rest of the devices (Android, iOS and MacOS). Following is the place where you can configure Intune MDM enrollment option –  Microsoft Azure – Mobility (MDM and MAM).

Windows 10 Intune Auto Enrollment Process Screen capture.

 Reference Link :-

Windows 10, Azure AD and Microsoft Intune: Automatic MDM enrollment powered by the cloud! – here