Windows 10 Intune Enrollment Process BYOD Scenario

2
Windows 10 Intune Enrollment - Azure AD Registration Process
BYOD - Windows 10 Intune Enrollment - Azure AD Registration Process

I have noticed that the manual Intune enrollment flow is changed a lot. It’s a different experience for end users when they are manually enrolling their personal Windows 10 devices to Intune. In this post, you will be able to learn the Windows 10 Intune enrollment Process (manual).

Helpful PostLearn Intune Device Management (Intune Starter Kit)

NOTE! – Manual process is explained in this post. Azure AD MDM Auto Enrollment is NOT enabled for my tenant. The manual process of enrolling into Intune is not the best practice.

Windows 10 Azure AD Join Manual Process is explained in the following post https://www.anoopcnair.com/windows-10-azure-ad-join-manual-process-cyod/

Prerequisite Checks – Before Windows 10 Intune Enrollment

The following is the recommendation which you should look into before trying to enroll a Windows 10 BYO device to Intune. You are going to enroll a personal device which is configured with your personal email id.

  • Intune, Azure AD subscription, setup, and configuration should be completed
  • EMS or M365 or Any other relevant license should be assigned to the corporate ID which you are going to use for Windows 10 Intune enrollment
  • The user might need administrator access to enroll the Windows 10 device into Intune
  • Register the CNAME if you are using a custom domain (not required if you are using .ONMICROSOFT.com ID as I showed in this post and video)

Register Windows 10 Device to Azure AD

In this section, you are going to see how to register to Azure AD as part of Windows 10 Intune enrollment. Check out the following link if you are wondering what is the difference between Azure AD Registration & Azure AD join.

Follow the steps to register the Windows 10 BYOD device with Azure AD. The Intune enrollment is explained in the below section of this blog and in the video as well.

Several more Windows environment scenarios are explained in the blog post here. You might be able to skip this AAD registration step and directly go to Intune enrollment section of this post (I didn’t test that scenario yet).

  • Login to Windows 10 with an Administrator account
  • Go to Start and click Start Menu -> Settings
  • Select Accounts > Access work or school > Connect
  • Enter Corporate Email ID and Password
  • Click on Done to complete the Azure AD registration process

Check – Confirm AAD Registration

You can go ahead and confirm whether your device is Azure AD registered. You can check this AAD registration using the following steps.

  • Select Settings >Accounts > Access work or school > Connect
  • Click on added Work or School Account
  • Click on Manage Your Account Link, and this link redirect to the below screen, and you can confirm whether AAD Registered (Workplace Joined).

Note! – You can also check Windows 10 Azure AD Registration (Workplace Join) from Azure AD portal.

Windows 10 Intune Enrollment Steps

In this section, you are going to see how to enroll Windows 10 BYOD devices into Microsoft Intune. You shall complete Azure AD registration as I explained in the above section (this is not a mandatory step).

I think Windows 10 Intune enrollment will automatically take care of Azure AD registration (you can skip the AAD registration step – if you want). Following steps will help you to complete Windows 10 Intune Enrollment.

  • Login to Windows 10 with an Administrator account
  • Go to Start and click Start Menu -> Settings
  • Select Accounts > Access work or school
  • Click on Enroll Only in Device Management
  • Enter your Corporate Email and Password (Wait for some time to allow Windows to complete the Intune enrollment)
  • If the Intune Enrollment is successful, then it will come back with “Setting up your device” popup window
  • Click on Got It button to complete Windows 10 Intune Enrollment (I would recommend to go ahead and do SYNC)

Results-Windows 10 Intune Enrollment BYOD

You can check the status of your Windows 10 Intune enrollment and Azure AD registration from two places.

User View

The First place to look at the results is the Windows 10 Settings page. Settings >Accounts > Access work or school.

Check whether you can see the Intune enrollment and Azure AD registration. Following are the two connections I could see.

  • Connected to Default Directory MDM (Intune Enrolled)
  • Work or School Account (Azure AD Registered)

Admin View

Second place to look at the results of Windows 10 Intune Enrollment is from Azure AD portal – Users pane or Intune blade.

Check whether you (admin) can see whether the device is Azure AD registered and MDM enrollment (Intune managed).

Extra Tip

Microsoft documentation here is not up to date with Windows 10 1809 GUI and options. So I would recommend to test the above-mentioned method on your test machines and confirm whether it works for your version of Windows 10.

Resources

2 COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.