Is there a way to automatically enroll existing corporate-owned, domain-joined PCs to MS Intune?
-
I have not been able to get a straight answer on this anywhere.
I know of auto-pilot... as far as prepping a machine so that when the user logs on there is minimal pre-screens.
I watched the episode "Windows Client Deployment Methods" and thought it was great that the Co-Host asked a question of existing PCs, but I still did not grasp the answer.
The Host mentioned something about "refreshing" the "existing" PCs so that they can be automatically enrolled.
Could you elaborate on that?
Here is the scenario... I have 257 domain-joined Windows devices that already show up in Entra ID that need to be enrolled in MS Intune. MDM reflects "None".
Most are Microsoft Entra registered.
And I would like to know the best way for these devices to be enrolled. Thank you... I've googled this extensively and gone through Microsoft Learning... and their 1st Tier Support Engineers can be a Miss/Hit with how familiar they are with the product.
Thank you again...
You guys are awesome!
---Jesse
-
Hey @Jesse-Davila great question, here are a few steps that you can take to enroll domain-joined devices into Microsoft Intune:
Note: these devices cannot be enrolled into Intune with any classic agents, or enrollment will fail.
- Ensure that all devices are running a supported version of Windows: https://learn.microsoft.com/en-us/windows/release-health/supported-versions-windows-client
- The MDM is configured for the enterprise
- The SCP or Service connection point is configured (Microsoft Entra Connect): https://learn.microsoft.com/en-us/entra/identity/devices/how-to-hybrid-join
- Supported Windows Server version, based on how you have implemented the Microsoft Entra hybrid join https://learn.microsoft.com/en-us/entra/identity/devices/hybrid-join-plan
- Finally, the GPO configuration for your environment needed to enroll the devices into Intune: https://learn.microsoft.com/en-us/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy
There may be additional steps required for your specific environment that are not mentioned in these references. Also, these are guidelines but may need to be adjusted to fit your scenario.
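As an added illustration (my own script, not code from the thread or from Microsoft), the following read-only PowerShell audit checks one client against the prerequisites listed above: the OS build, whether the device is actually hybrid Entra joined rather than only Entra registered (the state the question describes), whether the auto-enrollment GPO has applied, and whether an MDM enrollment already exists. Function names are mine; the registry path and values and the scheduled-task name are the ones the "Enable automatic MDM enrollment using default Azure AD credentials" policy creates, per the Microsoft document linked above. Run it in an elevated session on a domain-joined Windows 10/11 client.

```powershell
# Added example, not from the thread or from Microsoft: read-only readiness
# audit for the hybrid-join + GPO auto-enrollment path. Run elevated on a
# domain-joined Windows 10/11 client.

function Get-DsregStatus {
    # Turn the "Key : Value" lines of dsregcmd /status into a hashtable.
    $status = @{}
    foreach ($line in (& dsregcmd /status)) {
        if ($line -match '^\s*([A-Za-z0-9 ]+?)\s*:\s*(.+?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

function Test-IntuneAutoEnrollReadiness {
    $findings = New-Object System.Collections.Generic.List[string]
    $ready = $true
    $ds = Get-DsregStatus

    # 1. OS build: reported so it can be compared with the supported-versions page.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $findings.Add("INFO  OS $($cv.ProductName) build $($cv.CurrentBuildNumber) (compare with supported-versions page)")

    # 2. Join state. Hybrid Entra join = DomainJoined YES and AzureAdJoined YES.
    #    WorkplaceJoined YES with AzureAdJoined NO is "Entra registered" only,
    #    which the auto-enrollment GPO does not act on.
    if ($ds['DomainJoined'] -ne 'YES') {
        $ready = $false; $findings.Add('FAIL  Not domain joined')
    }
    if ($ds['AzureAdJoined'] -eq 'YES') {
        $findings.Add('PASS  Hybrid Entra joined (AzureAdJoined: YES)')
    } else {
        $ready = $false
        $state = if ($ds['WorkplaceJoined'] -eq 'YES') { 'Entra registered only' } else { 'not registered with Entra' }
        $findings.Add("FAIL  AzureAdJoined: NO ($state); complete hybrid join (SCP / Entra Connect) first")
    }

    # 3. Values written by the auto-enrollment policy.
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM' -ErrorAction SilentlyContinue
    if ($pol -and $pol.AutoEnrollMDM -eq 1) {
        $cred = switch ($pol.UseAADCredentialType) { 1 { 'User credential' } 2 { 'Device credential' } default { 'unset/unknown' } }
        $findings.Add("PASS  AutoEnrollMDM=1, UseAADCredentialType=$cred")
    } else {
        $ready = $false
        $findings.Add('FAIL  Auto-enrollment policy not applied (AutoEnrollMDM missing or 0); check GPO scope, then gpupdate')
    }

    # 4. The scheduled task the policy creates; it retries enrollment until it succeeds.
    $task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\' `
        -TaskName 'Schedule created by enrollment client for automatically enrolling in MDM from AAD' `
        -ErrorAction SilentlyContinue
    if ($task) {
        $findings.Add("PASS  Enrollment task present, state: $($task.State)")
    } else {
        $findings.Add('WARN  Enrollment scheduled task not found (it is created when the policy first applies)')
    }

    # 5. Existing MDM enrollment: an Enrollments subkey whose ProviderID is "MS DM Server".
    $enrolled = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue } |
        Where-Object { $_.ProviderID -eq 'MS DM Server' }
    if ($enrolled) { $findings.Add('INFO  Device already has an MDM enrollment') }

    [pscustomobject]@{ ComputerName = $env:COMPUTERNAME; Ready = $ready; Findings = $findings }
}

Test-IntuneAutoEnrollReadiness | Format-List
```

The script changes nothing; it only reads dsregcmd output, the registry and the task scheduler, so it is safe to fan out with Invoke-Command over a computer list from Get-ADComputer to see which of the 257 devices fail on join state versus policy application before touching GPO scope.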
-
In my organization we're running Server 2019 for our DCs, and on a member server we have Azure AD Connect to sync our devices with Entra ID. Our devices are hybrid joined and then, typically within 15-30 minutes of adding a device to the domain, MDM enrollment will trigger and join/configure the device to Intune. I know we have GPOs to hybrid join the devices, I just can't remember if it functions as a prerequisite for Intune. I'll review our configuration and see what else jumps out.
-
Hey @Robert-Neal, hope all is well! Here are a few Microsoft Documentation resources:
- GPOs and Intune: https://learn.microsoft.com/en-us/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy
- Entra ID and GPO management: https://learn.microsoft.com/en-us/entra/identity/domain-services/manage-group-policy
Look forward to hearing from you.
-
@Robert-Neal Did you check on that GPO? Is it a prerequisite? Most of our computers are listed as "Microsoft Entra registered" and I don't know if we need to switch them to hybrid join first so the GPO isn't needed, or if we need both hybrid and on-premises GPO. Everyone will have to come back to work.
I know I can add them manually with the Company Portal but we are trying to automate this.