Windows 10 Intune Enrollment Process BYOD Scenario

In this post, you will be able to learn the Windows 10 Intune enrollment Process (manual). I have noticed that the manual Intune enrollment flow is changed a lot.

It’s a different experience for end-users when manually enrolling their personal Windows 10 devices to Intune.

You will need to go through a slightly different Windows 11 Bring Your Device enrollment process. More details on Windows 11 Intune Enrollment Process.

Company Portal BYO Enrollment optionIntune Company Portal Setup for Personal Windows 10 Device Intune Enrollment Options

Patch My PC

Helpful PostLearn Intune Device Management (Intune Starter Kit)

NOTE! – Manual process is explained in this post. Azure AD MDM Auto-Enrollment is NOT enabled for my tenant. The manual process of enrolling into Intune is not the best practice.

Windows 10 Azure AD Join Manual Process is explained in the following post https://www.anoopcnair.com/windows-10-azure-ad-join-manual-process-cyod/

Prerequisite Checks – Before Windows 10 Intune Enrollment

The following is the recommendation that you should look into before enrolling a Windows 10 BYO device to Intune. You will enroll in a personal device configured with your email id.

Adaptiva
  • Intune, Azure AD subscription, setup, and configuration should be completed.
  • EMS or M365 or Any other relevant license should be assigned to the corporate ID that you are going to use for Windows 10 Intune enrollment
  • The user might need administrator access to enroll the Windows 10 device into Intune.
  • Register the CNAME if you are using a custom domain (not required if you are using .ONMICROSOFT.com ID, as I showed in this post and video)

Windows 10 Intune Enrollment Steps

This section will see how to enroll Windows 10 BYOD devices into Microsoft Intune. You shall complete Azure AD registration as I explained in the above paragraph (this is not a mandatory step).

I think Windows 10 Intune enrollment will automatically take care of Azure AD registration (you can skip the AAD registration step – if you want). The following steps will help you to complete Windows 10 Intune Enrollment.

  • Login to Windows 10 with an Administrator account
  • Go to Start and click Start Menu -> Settings
  • Select Accounts > Access work or school
  • Click on Enroll Only in Device Management
  • Enter your Corporate Email and Password (Wait for some time to allow Windows to complete the Intune enrollment)
  • If the Intune Enrollment is successful, it will come back with a “Setting up your device” popup window.
  • Click on Got It button to complete Windows 10 Intune Enrollment (I would recommend going ahead and doing SYNC)

Register Windows 10 Device to Azure AD

In this section, you will see how to register to Azure AD as part of Windows 10 Intune enrollment. Check out the following link if you wonder what the difference is between Azure AD Registration & Azure AD join.

Follow the steps to register the Windows 10 BYOD device with Azure AD. The Intune enrollment is explained in the below section of this blog and the video.

Several more Windows environment scenarios. You might be able to skip this AAD registration step and directly go to Intune enrollment section of this post (I didn’t test that scenario yet).

  • Login to Windows 10 with an Administrator account
  • Go to Start and click Start Menu -> Settings
  • Select Accounts > Access work or school > Connect
  • Enter Corporate Email ID and Password
  • Click on Done to complete the Azure AD registration process

Check – Confirm AAD Registration

You can go ahead and confirm whether your device is Azure AD registered. You can check this AAD registration using the following steps.

  • Select Settings >Accounts > Access work or school > Connect
  • Click on added Work or School Account
  • Click on Manage Your Account Link, and this link redirects to the below screen, and you can confirm whether AAD Registered (Workplace Joined).

Note! – You can also check Windows 10 Azure AD Registration (Workplace Join) from the Azure AD portal.

Results-Windows 10 Intune Enrollment BYOD

You can check the status of your Windows 10 Intune enrollment and Azure AD registration from two places.

User View

The first place to look at the results is the Windows 10 Settings page. Settings >Accounts > Access work or school.

Check whether you can see the Intune enrollment and Azure AD registration. Following are the two connections I could see.

  • Connected to Default Directory MDM (Intune Enrolled)
  • Work or School Account (Azure AD Registered)

Admin View

The second place to look at the results of Windows 10 Intune Enrollment is from the Azure AD portal – Users pane or Intune blade.

Check whether you (admin) can see whether the device is Azure AD registered and MDM enrollment (Intune managed).

Extra Tip

Microsoft documentation is not up to date with Windows 10 1809 GUI and options. So I would recommend testing the above-mentioned method on your test machines and confirm whether it works for your version of Windows 10.

Windows 10 Intune Enrollment Process BYOD Scenario 6

Resources

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with over 17 years of experience (calculation done in 2018). He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…..…

5 thoughts on “Windows 10 Intune Enrollment Process BYOD Scenario”

  1. Hi Anoop – Not clear on CNAME registration. I believe CNAME is required to simplify the Automatic enrollment without Azure AD Premium license. Do we need to have CNAME even with the AAD premium license? Please advise

    Reply
  2. Thanks so much for this post. I was tearing my hear out trying to find out how to enrol a workgroup device in Intune MDM and not only Intune MAM. MAM is the first step, ‘connect work or school’, MDM then comes at ‘enroll only in device management’. I had to do the first before the second or it gave me an error.

    Reply
  3. Help please

    I set up work or school account, it goes through, i then try to set up MDM by going through the same options and I’m getting

    Something went wrong, here are some possible reasons.

    Your device is already connected,
    we couldn’t auto discover a management endpoint matching the username entered please check your username and try again If you know the URL to your management endpoint Please enter it.

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.