How to Configure Automatic Intune MDM Enrollment from Azure AD Portal

You have probably already seen the new Azure portal; if you have not, here is a video post. The old classic Azure portal has an option to set up automatic Intune MDM enrollment for Windows 10 devices. A similar option is available in the new Azure portal, with new names and a new look. The Windows 10 Intune auto-enrollment process is explained in more detail in this post.


The Intune auto-enrollment option does two things.

  • First, whenever a Windows 10 device is joined to Azure AD, the device is automatically enrolled into Intune for MDM management.
  • Second, the users allowed by the MDM user scope group can enroll devices into Intune.

Intune auto-enrollment using Group Policy is explained in more detail in the document here, and the quick start guide for Windows auto-enrollment is here.

NOTE! – For Windows 10 BYOD devices, the MAM user scope takes precedence if both MAM user scope and MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will use Windows Information Protection (WIP) Policies (if you configured them) rather than being MDM enrolled.


Windows 10 Intune Auto Enrollment Process

The MDM enrollment configuration in the new Azure portal is set in the following place. When your MDM user scope is set to None, none of the enrolled devices get the proper policies and those devices won’t work as expected. More details are in the video here.


The simplest option is to specify “all users” in the MDM user scope so that all the users in your organization can enroll their devices into Intune. Windows 10 devices are automatically enrolled into Intune when users perform an Azure AD join.


This option can be managed by user groups. When you want to give a specific group of users the ability to enroll their devices into MDM/Intune, this is the place to configure that user group. Click the “Some” option in the MDM user scope and select the user group you want to give access to.

From the same place, you can take a granular or phased approach to moving users to the new MDM management. There are 3 URL options in this blade; you can configure these URLs as per your MDM vendor.


Windows 10 AirWatch MobileIron Auto Enrollment Process?

If your devices are managed by AirWatch or MobileIron, you can specify those vendors' URLs here. For Intune MDM, all the URLs are automatically configured in the new Azure portal. There are 3 different URLs in this blade.

1. MDM Terms of use URL – The URL of the terms of use endpoint of the MDM service

2. MDM Discovery URL – This is the URL of the enrollment endpoint of the MDM service. The enrollment endpoint is used to enroll devices for management with the MDM service. The URL given below is the Intune enrollment endpoint URL.

3. MDM Compliance URL – This is the URL of the compliance endpoint of the MDM service. When a user is denied access to a resource from a non-compliant device, the user can navigate to this URL, hosted by the Intune service, to understand why their device is considered non-compliant. Users can also initiate self-service remediation so that their device becomes compliant and they can continue to access resources.
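
To see which of these three URLs actually reached a Windows 10 device, you can read them from the output of `dsregcmd /status`. The following is an added example, not code from the original post; the sample output and its example.test URLs are constructed placeholders, and treating an empty MdmUrl as a user-scope problem is a troubleshooting assumption rather than something the post states.

```powershell
# Added example (not from the original post). Sample output is constructed;
# the example.test URLs are placeholders, not real MDM endpoints.
$sampleStatus = @'
             AzureAdJoined : YES
                TenantName : Example Tenant
                    MdmUrl : https://mdm.example.test/enrollment/discovery
                 MdmTouUrl : https://mdm.example.test/terms
          MdmComplianceUrl :
'@ -split "\r?\n"

function Get-MdmScopeState {
    # Not Mandatory on purpose: real dsregcmd output contains blank lines.
    param([string[]]$StatusLines)

    # dsregcmd prints "Name : Value" pairs. URLs contain ':' as well,
    # so anchor on the field name and keep everything after the first ':'.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    # Map the portal's three URL settings to the dsregcmd field names.
    $urls = [ordered]@{
        'MDM Terms of use URL' = $fields['MdmTouUrl']
        'MDM Discovery URL'    = $fields['MdmUrl']
        'MDM Compliance URL'   = $fields['MdmComplianceUrl']
    }
    $missing = @($urls.Keys | Where-Object { [string]::IsNullOrWhiteSpace($urls[$_]) })

    $joined = $fields['AzureAdJoined'] -eq 'YES'
    if (-not $joined) {
        $finding = 'Device is not Azure AD joined, so automatic enrollment is not triggered.'
    } elseif ($missing -contains 'MDM Discovery URL') {
        # Assumption: an empty MdmUrl is worth checking against the MDM user scope.
        $finding = 'No discovery URL: check that the user is in the MDM user scope.'
    } elseif ($missing.Count -gt 0) {
        $finding = 'Discovery URL present; other MDM URLs are empty.'
    } else {
        $finding = 'All three MDM URLs are present.'
    }

    [pscustomobject]@{
        AzureAdJoined = $joined
        MissingUrls   = $missing -join ', '
        Finding       = $finding
    }
}

Get-MdmScopeState -StatusLines $sampleStatus
# On a device: Get-MdmScopeState -StatusLines (dsregcmd /status)
```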


So where is the option in the new Azure portal to configure the MDM auto-enrollment setting for Windows 10 devices and MDM enrollment for the rest of the devices (Android, iOS and macOS)? You can configure the Intune MDM enrollment option in the following place: Microsoft Azure – Mobility (MDM and MAM).

Windows 10 Intune Auto Enrollment Process Screen capture.


Reference link:

Windows 10, Azure AD and Microsoft Intune: Automatic MDM enrollment powered by the cloud! – here

8 thoughts on “How to Configure Automatic Intune MDM Enrollment from Azure AD Portal”

  1. Hello Anoop, great article!
    When integrating a third party vendor like MobileIron with Azure is it also possible to use Conditional Access policies in Azure with devices that are managed by that third party MDM vendor? Or what is the benefit of that integration?
    Thank you!


    • Hey Mike – This was not possible one year back. Azure AD APIs were not publicly available to support 3rd party MDM solutions. But not sure whether it’s supported now or not.

  2. I have a question for Intune. On my admin portal I have a client list with their PCs, and they are in classic view,

    and that way I manage all those PCs.

    Now how can I transfer all those PCs to their respective Azure Intune portal? I would appreciate it if you
    send me a step by step process [email protected]

  3. We are in the same boat. We have clients in the Classic Intune with the intune client installed.

    We want to move the devices to use MDM, so what is the process for this?

  4. How long should it take between when you see a device enrolled in Azure AD (via an AD sync in a hybrid environment) and when that device appears in Intune/MDM? Can it take a long time? Hours? Days? I have a number of devices that have enrolled in Azure AD but still haven’t shown up in MDM. It has been about 18 hours.

      • I have the group policy enabled but it doesn’t seem to be working. I have even gone into individual machines and activated the policy at the desktop level, but still no joy. I have unregistered and reregistered these PCs several times.
        Many PCs have already been registered through this process. It just seems to have stopped working or at least for the test machines I am playing with.
