Microsoft Intune is a cloud-based endpoint management solution that manages user access to organizational resources and simplifies app and device management across various devices, including mobile devices, desktop computers, and virtual endpoints. This guide will walk you through the steps to enroll devices in Microsoft Intune.
Requirements for Device Enrollment
Before enrolling devices, ensure that Intune is configured and prepared for user and device enrollment. This involves:
- Allocating Intune licenses
- Configuring the MDM Authority to Intune
- Verifying device compatibility
- Assigning required administrative roles such as Global Administrator or Intune Service Administrator
Steps to Enroll Devices in Microsoft Intune
Get Ready for Enrollment
- Configure Microsoft Entra ID: Ensure it is prepared for device enrollment.
- Set Up MDM Authority: Configure the MDM Authority to Intune and assign licenses.
- Verify Administrative Rights: Ensure you have the required rights, such as Intune Service Administrator or Global Administrator.
Choose Enrollment Technique
Select the enrollment technique based on the device type and ownership (personal or company-owned). Options include:
- Co-management using Configuration Manager
- Windows Autopilot
- BYOD user enrollment
- Windows automated enrollment
Windows Device Enrollment
- Use the Intune Company Portal: Enroll Windows 10/11 devices via the Intune Company Portal website or app.
- Older Windows Devices: Enroll Windows 7 or 8.1 devices through the Company Portal website.
- Add Device Enrollment Managers (DEMs): DEMs can enroll and manage up to 1,000 devices. Global Administrators and Intune Service Administrators can add and manage DEMs within the Microsoft Intune admin area.
Device Enrollment Limitations
Set up device enrollment limitations to prevent certain platforms from enrolling based on platform, version, manufacturer, or ownership type. You can also set device limit restrictions to control the number of devices a user can register for Intune.
User Enrollment (For Self-Service or BYOD)
This approach works best for organization-owned devices or personal devices (BYOD) where users have some control over the enrollment process.
- Access Settings: Users navigate to the “Access work or school” area of the Settings app.
- Select Enrollment Option:
- Connect: Sets up the device’s Microsoft Entra ID to access email and other organizational services with a less intensive level of Intune management.
- Join: Fully integrates the device with Intune management, enforcing configuration settings and security regulations.
- Sign In: Users sign in using their organizational credentials (work or school email address and password).
- Setup: Follow on-screen instructions to complete the enrollment process.
Enrolling Administrators (For Bulk Deployments)
This approach is ideal for large-scale deployments of company-owned devices or when total control over the registration process is needed. An administrator with a Device Enrollment Manager (DEM) account is required.
Actions for Administrators
- Create a DEM Account: This account has unique permissions to enroll devices in Intune. Assign the DEM account to a trusted IT administrator.
- Set Up Devices: Configure basic preferences such as language and Wi-Fi connection before enrolling.
- Enrollment via DEM Account: Administrators with DEM accounts can enroll devices using various methods:
- Windows Autopilot: Enables a touchless enrollment process for devices pre-configured with Windows 10 or later. Pre-configure Autopilot parameters.
- USB Provisioning Package: Create a configuration package and distribute it to devices via USB drives.
- OEM Pre-Provisioning: Collaborate with the device manufacturer to pre-provision devices with Intune enrollment settings before delivery.
By following these steps and utilizing available resources, you can successfully execute device enrollment with Microsoft Intune for both user-driven and administrator-controlled scenarios. Choose the enrollment option that best aligns with your organization’s needs and device deployment strategy.
