@@AndyMaloneMVP These are remote users and I cannot re-image their machines. Users have admin rights to the machine through the existing local AD Domain they will be disconnecting from. Can't I have them create a new local admin account and import all files they need? Then they join the computer to Azure AD after first registering the device with Azure AD, and when they are ready to join Azure AD, have them put the machine in Workgroup: MSHOME to join (Entra ID) Azure Active Directory.
Hi everyone, I have one question, can anyone respond? I have one main application with 4 dependencies A, B, C, D and I need to add them like B, A, D, C. How can I do that in Intune? Whatever I do, when I click save it rearranges them in its own sequence.
What happens if you accidentally delete a device from Intune Devices? It's still in AD, but I can't seem to find a way to get it back into Intune. The enrollment options seem to depend on enrolling a new device or enrolling a device alongside a new user. Even though I'm using an account that is an enrollment manager with global AD administrator privileges, I still can't find an easy way to add a specific device back into Intune.
From the MS Tech community:
For Azure AD joined Windows 10 devices, take the following steps:
Open the command prompt as an administrator.
Enter dsregcmd /forcerecovery (you need to be an administrator to perform this action).
Click “Sign in” in the dialog that opens up and continue with the sign in process.
Sign out and sign in back to the device to complete the recovery.
docs.microsoft.com/en-us/azure/active-directory/devices/faq
Just for good measure I gave the user temporary administrator privileges & followed the steps initially to remove the device, e.g.
1) dsregcmd /debug /leave
2) Reboot
3) Add user to local-admins
4) Log-off & on again
5) dsregcmd /forcerecovery (I was unable to use the GUI, it did not “work” e.g. no sign-in screen showed.)
I used this for: Fix Office 365 Error 70003: Your Organization Has Deleted This Device - Technipages
It might resolve your issue as well.
@@AndyMaloneMVP I ran dsregcmd /forcerecovery and it gave me the sign in screen and allowed me to sign in with my admin creds. Over the weekend the device did show back up in Intune. Only issue I'm having now is that, after restarting the device, I am still unable to login at the Windows login screen with anything other than the local user account. It won't accept domain creds at the Windows Sign-on screen. It just tells me my user name or password is incorrect. If I login with that local user admin account, I am able to go to settings, accounts, and see I am connected with my domain creds. Just this blasted Windows sign on screen won't let me login with domain creds. I checked in my Azure admin portal, and now I can see 3 different entries for this same device. One from an Intune MDM, one that I did today to join to Azure AD, and one hybrid that is pending. Do I need to delete two of these entries before it will allow me to login at the Windows sign on screen with my domain creds?
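An added example, not part of any comment above: before and after running dsregcmd /leave or dsregcmd /forcerecovery as described in this thread, the join state a device actually reports can be read from the text of dsregcmd /status. The function name Get-JoinState and the sample status text are hypothetical and constructed for illustration.

```powershell
# Constructed sample of `dsregcmd /status` output (not captured from a real device).
$sampleStatus = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : EXAMPLE

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

           WorkplaceJoined : YES
'@ -split '\r?\n'

function Get-JoinState {
    # Hypothetical helper: classifies the join type from dsregcmd /status text.
    param(
        [Parameter(Mandatory)]
        [string[]]$StatusText
    )

    # Collect "Name : Value" pairs; banner lines start with + or | and are skipped.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(\S.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $entraJoined  = $fields['AzureAdJoined']   -eq 'YES'
    $domainJoined = $fields['DomainJoined']    -eq 'YES'
    $registered   = $fields['WorkplaceJoined'] -eq 'YES'

    if ($entraJoined -and $domainJoined) {
        $joinType = 'Microsoft Entra hybrid joined'
    } elseif ($entraJoined) {
        $joinType = 'Microsoft Entra joined'
    } elseif ($registered) {
        $joinType = 'Microsoft Entra registered'
    } elseif ($domainJoined) {
        $joinType = 'On-premises AD joined only'
    } else {
        $joinType = 'Not joined or registered'
    }

    [pscustomobject]@{
        JoinType        = $joinType
        AzureAdJoined   = $entraJoined
        DomainJoined    = $domainJoined
        WorkplaceJoined = $registered
        # A device that is joined and also registered will usually show up
        # as more than one device object in the Entra admin centre.
        JoinedAndRegistered = ($entraJoined -and $registered)
    }
}

# Run against the constructed sample; on a real device pass (dsregcmd.exe /status) instead.
Get-JoinState -StatusText $sampleStatus | Format-List
```

With the constructed sample the result is a hybrid joined device that is also registered, which is the kind of state that produces several entries for one machine in the portal.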
Only a few minutes into this video and it's already way more clear and concise than any other Intune video online. thank you!
Awesome thanks
That's so strange. My boss came up to me this morning and told me to configure intune for a new client. None of us know how to use it. The very same morning you upload this. Haha. Amazing. Thank you! :)
Awesome 👍
Great intro video, I was able to answer all related questions in an interview and get hired for a senior support role, thank you Andy.
No worries, you owe me a beer and well done 👍 😊
I’ve got a M365 and Intune Specialist job interview next week. Any tips for the interview?
Wow! I am into system administration now and I have no idea what Intune is. After watching this video I found everything absolutely the same as how my org is configured. Simply superb Andy. You are awesome!
You're very welcome!
Hey bro, are you working in Azure? I would need some advice.
Absolutely amazing, your videos are clear, complete, an infinite resource for my job. I don’t know how I can tell you thanks, thanks! I will vote for you of course. Patrizio from Rome!
Aw thank you so much I really appreciate that and just to hear you say that means a lot to me. Great to have you on board and I’m delighted that you find my content useful, all the best, Andy 😊
Great explanation of how these various Microsoft tools work together. Thank you Andy!
Andy, there is something to learn from you every time you post.
You are an amazing tutor ❤
Thanks so much I appreciate that😊👍
This video was perfect as I needed to prep for an Intune deployment meeting. Great stuff, thanks!
Hi Andy, just worth mentioning the majority of security options in endpoint manager / intune usually require defender for endpoint licenses also and integration between defender and intune. Also, I think you can only register with Windows home in a BYOD context, you need pro or enterprise to join. Cheers!
You are indeed correct great points
This video helped me a ton with getting my Intune from zero to hero, just like you said! Thanks a lot for this valuable resource. I'm now ready to roll my device out. Very solid, thorough video.
Very welcome!
We are in this world always learning, in my case some things about Microsoft and English too, thank you for speaking clearer and calmer English, more wishes for this year.
Thank you so much for this general and thorough tour of this software. My client recently learned he had Microsoft Intune and wanted to learn how to use it and see what he could do with it. And it seems you can take advantage of it especially since they are 60+ users, including some remote ones.
Hi Andy, this is a great video, I work for an MSP and I have set this up on a few different 365 tenants now. I am just looking for confirmation that all I should need for policies to start working is:
1. The relevant license
2. MDM set to ALL (or SOME and connected to an Entra Group)
3. Compliance and Config policies set up.
I am just trying to set things up in a very basic way to get us going and Microsoft really aren't much help when you log it.
Sounds good to me 👍
Thank you Andy, I've been using your videos for learning and found they are all worth a lot, we are fortunate to have you. God bless you.
Thanks so much. I appreciate that 👍
Andy, this is a big one in such a concise but clear manner. Definitely a proper Zero to Hero. I was able to use this lesson combined with my office's Intune deployment and learned a lot. Great stuff. Thank you!
Glad it helped!
Thanks Andy. I had no idea how powerful Intune could be.
Great video!
I was just looking for a video on this and could not find one that was as thorough as you, thank you Andy!
Thanks Sam 👍
This is helpful for the Md-102 @@AndyMaloneMVP
This has been an amazing run down of Intune and I really appreciate this. I had no idea intune was this powerful!!
Thanks for taking the time to concisely explain about the bases of Microsoft Intune.
Hi Andy, I have been following your videos. Just want to say thanks for your level of patience and for making things simple. With this video, I can bravely put my head up and work in Intune. Thanks
You’re very welcome and thanks
Thank you Andy, It was very instructive session 💪💪
It would have been interesting to see some examples of deploy on physical devices to understand how it works in "real life".
Tricky for a video though
Very good teacher thank you sir. from Bhutan now in the USA
Absolutely wonderful! This has been very insightful and one of the best explanations about Intune. Thanks Andy.
Seriously, way too easy to understand. Thank you Andy!
Amazing video. Simple, clear, and concise. Thank you for your truly informative session. I actually learned something 👌
Starting to get my feet wet with Intune. This was very helpful. Thank you.
it seems wonderful, and my office will soon be putting this approach into practice.
Good refresher video. Much appreciated Andy. All the best!
This is great. I've inherited Intune in a new role - it hasn't been fully implemented. I need to learn fast what's there and re-do it - getting it working. I think I'll be watching the Autopilot vid as well.
thank you for this video, will be using it in our organization in the near future
Hey Andy, always great stuff, thanks! You've been the key teacher to get our agency iPhones and PCs managed on Intune. Big big thanks! It's saved us so many hours of work and made us so much more compliant and secure. I'll be adding my first macOS computer with Intune next week and I'd love to get your take on doing it right.
Just follow the guide, it’s super simple. Best of luck 😊
Hi,Andy unbelievable method,your Leander devolved is possible important issue to the learning
Thanks Andy this was really helpful and made my learning much easy.
Thanks Andy. Very helpful video! You really took your time explaining this for everyone! Thanks a lot
You are my BEST Trainer. God bless you.
Many many thanks
I really appreciate this fantastic video! ❤Do you have any recommendations for a comprehensive Intune course?
Thank you Sir, clear/concise & an awesome video to watch. Thanks Andy!
Great Session Andy 👍. Appreciate, If you could make another session for Co-Managed Devices in a Hybrid large scale enterprise.
I did something on this in the past, but yes, definitely time for a refresh soon I think 👍
About the AD and AAD Join, it’s not entirely true that you have to reset the device if choosing the wrong option. While it is true that you need to reset a HYBRID AADJ device, you can migrate an ADJ device to AADJ without a complete reset using a local admin account and a profile migration tool. Also you can do the same going from AADJ to ADJ: remove from Azure AD, reboot and join AD. Migrate profile. You can also migrate a profile from a local account into your AAD account using a tool like ProfWiz from Forensit.
Keep it up. Love your work. Thank you for your sharing your knowledge
Thank you so much for the powerful video Andy😊. I have learned something from this video.
I’m delighted to hear that 👍
Awesome video, thank you for this information!
Thanks Andy. I was wondering if you could do a more in depth video on Intune licensing. I'm having a hard time figuring out the differences between "Intune Plan 1" and "Intune Plan 1 Device". Basically trying to answer the question can I buy the device licenses, which are cheaper, to control our PC's and/or tablets. Thanks again.
I’ll see what I can do 😊👍
Great Video, good explanation through the different settings.
Will be using it soon, thanks for the basics!
Thanks for the intro video. Got me started :)
Thank you kind sir! Learned a lot from watching this video!
Awesome video!!!!! Learning so much!!!!
A fantastic overview 😁
Thank you for such an easy tutorial!
Very informative information. Thanks a lot. Love from Kenya.
Glad it was helpful!
Excellent recap video!
Done voting!
Good job Andy MS Intune guidance
Thank you kindly
Can you please share me to how to use ms 365 business premium and premium future, I think we have purchased short time.
Thank you, great and thorough as always
My pleasure!
Hi,Andy unbelievable method, i think about your Leander, pleasure, thanks Andy bright way and way forward
This is a great video Andy. A million thanks. I watched the entire video and made some notes and screenshots. I don't work for a company that has Intune, so how do I go about practicing it? Is there a demo site that I can touch on it? I've watched your other videos regarding the server and I learnt a lot from practicing on a local VM server and I would like to do the same with Intune. Is there a way? Thanks again.
Unfortunately, the only thing you can do is set up a trial Azure subscription
Great, as always. Thank you Andy!
That was brilliant, thank you!
Hello Andy, I have learned a great deal from your channel and really appreciate how much time and effort you put into each video. When you first installed Windows 11 on this particular test machine, did you choose the "Domain join" option? Also, are you creating VMs in Azure for testing or using local resources? Thanks again!
Thanks very much for your kind comments. No I chose Azure AD Join😊
Thank you !
Thanks for the insight!
Excellent video. Quick question, after you wipe the device remotely, would you lose access to the device 16:35 ?
Fantastic video. However, it's my understanding that the hybrid devices are still able to be managed through Intune by configuring the settings for Intune to manage those devices... Are there no setting options at the time of this video?
You are partly correct, yes. If you are in hybrid, and are using System Center with Active Directory locally, you can enable co-management, which provides a single pane of glass to both devices on-prem and in the cloud, but they are still authenticated either by Active Directory or by Entra ID.
Thanks for your Super Videos!
Hi Andy, Love your channel, thank you! Quick question at 22:05 you talk about putting a link in the description to your Autopilot Deployment video. Could you please point me to the correct video.
ua-cam.com/video/hzlISDO51-Q/v-deo.html
This method leaves the account as a local administrator, which is a big no-no for many people. My understanding is the best practice is to just go ahead and get the hardware Hash (To allow for Autopilot) using PowerShell, wipe the machine, and log the user in from OOBE. Or is it sufficient to just downgrade the user and get the hardware hash?
Remember you also have the new LAPS service which can backup and auto rotate admin passwords
I haven't seen this method from being AzureAD joined used by organizations. We typically get the hardware hash using Powershell and reinstall the device. After reinstall Autopilot takes care of the rest.
Absolutely and in a previous demo I did it that way as well :-) But you can 🙂
@@patrick__007 where I work, we've been using LAPS.
It's awesome & was a huge help giving it to contractors to remediate CrowdStrike BSOD devices, after which the LAPS pass is easily rotated :)
Very nice, we need more
Hi Andy, many thanks for your content. Which licence do I need to use Microsoft Intune? Will a P2 licence work with Intune?
You need to have either an insurance license or have it included with an EM&5 and E5. It’s also included with business premium for smaller businesses 👍
Hi Andy, thank you so much for all of the first class help. I do need help though. Thanks to you, I now run MDM for my company. I have devices across a number of platforms including Android. I use the corporate owned Android setup but read that Google is stopping in 2024 some aspects of Android. I can’t figure out whether I will be affected by this. Could you offer some advice? Although I manage this I’m not confident that I understand whether I need to act now or not. Thank you!
Best advice is check the Microsoft Intune Blog and the Microsoft Tech Community :-)
Very helpful
amazing thanks
Again, thank you for another excellent video. One question here - you demonstrate Azure vs Hybrid registered devices. But what if all we see under Join Type is "Microsoft Entra Registered" ? How does one go about getting all their devices to be an Azure AD type? We are hybrid.. we have on-site servers, a local DC, but just got our Biz Premium license to gain Intune and other features. I don't want to bugger this up.
Entra ID is Azure AD. These are corp managed devices. Registered are byod devices that can have an app portal installed.
@@AndyMaloneMVP Oh... uh oh? They are all corp-owned devices, previously joined to our local domain. So even if I deploy InTune, they won't be fully manageable like your video shows then ?
Very well done thank you.
Glad it was helpful!
Great video! What did you mean by, "You need to reset the machine?" Would that be eg "Reset this PC?"
Yes, exactly
PICAAARRRD!
Thanks
Hi, thank you for the video. I have a couple of questions. When you join a user to Azure AD, like in your example, does it show as a local administrator and not just as a user? My second question is, I have an on-premises Active Directory and most of the workstations are joined to the domain. How can I switch to Intune and manage them through the portal?
When you join a user to Entra ID they will come in as a user not an administrator. Also, if you have workstations that are currently in hybrid these will need to be reset before you can join them via Intune
Thank you good stuff
Excellent!!!!
Hi Andy, are there basic compliance rules that you would recommend putting by default?
Depends on your business. There are some great compliance templates that walk you through steps along with features like compliance score help ensure that these are implemented correctly 👍😊
Thank you Andy, I will look for these templates to help us get started
Hi Andy, I'm a little confused with a statement at 21:20 ish where you state about "enrolling into Intune, not MDM, but Intune"..... are you not enrolling into MDM when you enroll into Intune?
Yes, and no, you can enroll into MDM via Entra ID. But to get full management capabilities, you need to add on an Intune license. I know it’s a little confusing. Microsoft 365 supports free MDM for mobile devices, but if you want to manage them, you really do need Intune.
If u wanna try all these features, is there anything like a test environment that u can experiment in?
Sure, take out a trial E5 subscription
Really nice done. But how can I do this on a fully updated Win10 Pro machine. I didn't find the options like in your demo with Win11
You need the Pro or Enterprise edition?
@@AndyMaloneMVP I found it. Thx for reply
@Andy Malone MVP great video, but if I log in on the computer for the first time, the system wants to activate Hello or the app. How do you disable this? I have many companies that don't want this.
This is in the device config. Or enrolment profile set by Admin
@@AndyMaloneMVP can you make a short video on how to disable them? Please! I am a little bit frustrated. I have joined the AAD like you, but I can't see the machine in the Intune portal. I also get only one option, to disconnect, but not the option like you, "managed by".
@@meinsda5983 sure I can do a follow-up video for you no problem
@@AndyMaloneMVP thks. I don't know why but my MDM was disabled, now I can log in, but a video on how to disable "MFA functions etc" would be great!
@@meinsda5983 half of these features are disabled by default. As an admin feature to switch them on
Hello Andy. Thank you for this video. Is there a way to do Azure AD Join (not hybrid, we don't have any local Domain Controller) with Windows Server 2019 Standard? We use this server for Remote Desktops. Thank you
Short answer yes. But you'll need to create SMB fileshares via Microsoft Azure. learn.microsoft.com/en-us/azure/storage/files/storage-files-introduction
I thought by selecting "all users" in MDM settings it enrolls those devices to Intune. So with that being said, shouldn't the number of devices in Entra ID more closely resemble the amount of devices in Intune?
Not necessarily, as Intune does not support Hybrid joined devices. These only show up in MDM & Config Manager.
Great.
Hello Andy, can any user join their device to the Azure AD using their respective business email, or must some sort of admin assignment be given to that user?
An administrator would have to allow this via the Entra ID admin centre. But, assuming you are authorised to be able to join, then yes
When adding an account, I do not see the alternate actions to then connect to Azure AD
OS requires Pro, or is it possible with Home?
Pro & Enterprise
Hi Andy,
To be able to add a device to Intune via the account setting in Windows 11 - should the user be an administrator?
Also, the user can disconnect himself (his device), is that normal? Could we set it up to ask to be admin of the device to have the right to disconnect? Thanks!
Yes, I believe that the settings are included in the windows 11 profile. However, if you’re asking me for which specific one I’m afraid I don’t have it in front of me at the moment. You could always post your question on the Microsoft tech community as well it’s great. All the best, Andy
I am creating a lab for a college project; it's going to be a hybrid onsite architecture. At the 15 min mark you say you can't manage a hybrid AD joined machine in Intune/Endpoint Manager. Does that mean if I want to manage the machine I need to join it to the domain through Azure rather than the non-Azure classic way? If I understood correctly. My plan was to build the Active Directory, then replicate it to Azure through AD Connect or similar. But now I wonder if I should just join the computers to Azure first? I hope that makes sense. I'm new to Azure, any guidance appreciated 😅
Clients directly to Entra ID & Intune. What is the server for? Ask the question: do you really need it?
@AndyMaloneMVP It's just a lab, nothing that will be used in the real world, and nothing more than just showing we can set up AD/Entra etc. My plan was to build two sites and then replicate them on Azure/Entra through Connect, and then the devices could be managed through Intune. But it seems I will have to join them to Entra while setting up the clients. Which is fine, just something to keep in mind. The domain doesn't even need to be configured fully anyway, just a few users and a computer or 2; it's just for proof of concept and some screenshots.
How do I find the URLs for MDM terms of use and MDM compliance?
This is now in Conditional Access
I need remote users to disconnect from an existing on-prem domain that uses 365 E3 and join their devices to a new 365 Business Premium tenant to leverage Intune for these users/devices on a new domain required by a company split. When the users disconnect from the XYZ on-prem AD domain, will they be able to use the same profile as the .\XYZ domain user to connect to the new Entra ID domain? Or should I have them make themselves a new local admin account and join the new Entra ID domain from that account?
As this is a migration, you will not be able to retain your previous settings. You will need to completely re-image these machines and join them to Entra ID. You could then migrate your current group policy settings into Intune and then reapply apps and so on.
@AndyMaloneMVP These are remote users and I cannot re-image their machines. Users have admin rights to the machine through the existing local AD domain they will be disconnecting from. Can't I have them create a new local admin account and import all the files they need? Then they join the computer to Azure AD after first registering the device with Azure AD, and when they are ready to join Azure AD, have them put the machine in Workgroup: MSHOME to join (Entra ID) Azure Active Directory.
Does it have a geo fence feature?
I'm not sure sorry. Please check documentation.
18:59: Entra > Mobility > Intune: the MAM user scope is missing ... what could be the reason?
Licence
Hi Andy, I'm not a relevant to IT field so can you beefed the intune in Microsoft is Les1
I’m sorry, I do not understand the question
@AndyMaloneMVP I am asking you, I am a fresher, can you share the class 1
Hi everyone,
I have one question, can anyone respond?
I have one main application with 4 dependencies A, B, C, D and I need to add them in the order B, A, D, C.
How can I do that in Intune?
Whatever I do, when I click save it rearranges them in its own sequence.
Can you do without the on-premises part and just have Azure AD joined with no on-prem? That is what I've been planning on doing to save money on servers.
Absolutely 100%
What happens if you accidentally delete a device from Intune Devices? It's still in AD, but I can't seem to find a way to get it back into Intune. The enrollment options seem to depend on enrolling a new device or enrolling a device alongside a new user. Even though I'm using an account that is an enrollment manager with global AD administrator privileges, I still can't find an easy way to add a specific device back into Intune.
From the MS Tech Community:
For Azure AD joined Windows 10 devices, take the following steps:
1) Open the command prompt as an administrator.
2) Enter dsregcmd /forcerecovery (you need to be an administrator to perform this action).
3) Click “Sign in” in the dialog that opens up and continue with the sign-in process.
4) Sign out and sign back in to the device to complete the recovery.
docs.microsoft.com/en-us/azure/active-directory/devices/faq
Just for good measure I gave the user temporary administrator privileges & followed the steps initially to remove the device
e.g.
1) dsregcmd /debug /leave
2) Reboot
3) Add user to local-admins
4) Log-off & on again
5) dsregcmd /forcerecovery (I was unable to use the GUI, it did not “work” e.g. no sign-in screen showed.)
I used this for:
Fix Office 365 Error 70003: Your Organization Has Deleted This Device - Technipages
It might resolve your issue as well
@AndyMaloneMVP I ran dsregcmd /forcerecovery and it gave me the sign-in screen and allowed me to sign in with my admin creds. Over the weekend the device did show back up in Intune. Only issue I'm having now is that, after restarting the device, I am still unable to log in at the Windows login screen with anything other than the local user account. It won't accept domain creds at the Windows sign-on screen. It just tells me my user name or password is incorrect. If I log in with that local user admin account, I am able to go to Settings, Accounts, and see I am connected with my domain creds. Just this blasted Windows sign-on screen won't let me log in with domain creds.
I checked in my Azure admin portal, and now I can see 3 different entries for this same device. One from an Intune MDM, one that I did today to join to Azure AD, and one hybrid that is pending. Do I need to delete two of these entries before it will allow me to login at the Windows sign on screen with my domain creds?