This is the way! The error I got was that Device restriction was set to block Windows devices which I was able to fix last week. How I wish this video came in earlier! Very thorough presentation, keep it up!
I agree with Jake as well, his video explaining in details setting up Apple Business Manager for corporate enrolment avoided a lot of frustration with my customers.
This video is amazing! I had seen the article and set it up. Nothing seemed complex. The issue was MFA and the needed the conditional access rule. Thank you!
Excellent tip by suggesting Intune Enrollment exception, I’ve seen some customers complaining they kind of alienated a bit their end users with MFA prompts while doing this 😁 this exception will take care of this 🤘🏻
@@t-minus365 Hi Nic, been following your content for over a year now. Thank you so much, excellent work. I have a quick question regarding a problem which perhaps you have encountered. For newly logged in user on a virgin windows and therefore no Microsoft apps, everything works fine, GPO applied, device is hybrid AD joined, from dsregcmd all seems happy, policies get pushed, apps deployed BUT newly logged in user still gets a toast notification : work or school account problem: select here to fix your problem and I am asked for MFA. Microsoft Intune Enrollment has been added to the exception list in the conditional access as per your instructions. Is there something else I should be looking into ? Much appreciated.
You're the man, you turned 300 pages of MS confusion into a 16 minute video that makes sense. Quick question, I'm not even seeing that my computer is "AzureAdJoined". What do I need to do to get that to come up as a yes? Any info would be greatly appreciated!
@@t-minus365 Thanks for the response. It was showing as not AzureAdJoined but after removing and recreating my object in Azure, it checked in properly. I then went on to mess with the conditional access policy, but I'm not sure it plays well with a 3rd party 2FA solution, we use Duo in this case. Even with the shared experiences prompt, i get a looping login and can't figure out what causes it.
can you talk more about the conditional access rule? When I try to exclude intune it says "You must configure either the "Grant" or "Session" section."
I excluded the Intune Enrollment app but still for some reason users need to verify mfa to enroll into intune. I did a full sync with on-prem and Azure AD but same results. Any thoughts?
Great video, I can see in your "dsregcmd /status" command output your MdmUrl entry was already populated. I found that at work our machines do not have this populated, once I added it to a machine it would enrol into Endpoint Manager. My team and I are new to Azure/Endpoint Manager, how does the MdmUrl get deployed to devices? What's the best practise? Thanks
@@t-minus365 so I found part of my problem as to why I wasn't seeing some of my computers, forgotten to turn on some containers to sync. But the container that was syncing has about 450 computer in and yeah, it's been slow. Another thing that I've noticed is that computers are taking a bit of time to show as hybrid azure ad joined. thanks for the reply!
One more question please. What is the difference if we assign Intune license to users and ask them to download Intune portal and login? Will it not work?
@@t-minus365 Thank You for the update. If we can not implement Intune for Azure AD registered devices then could you please help that how can we move devices from Azure AD registered to Azure AD joined? I have already AAD connect installed and sync enabled. Devices are showing as Azure AD registered. It will be a great help. It is really urgent.
This is the way! The error I got was that Device restriction was set to block Windows devices which I was able to fix last week. How I wish this video came in earlier! Very thorough presentation, keep it up!
Thanks!
Thank you for this video, I had been struggling with auto enrolment until I watched this.
Glad it helped!
You have very quickly become one of my favorite UA-camrs. Please keep it up, you're doing the lords work.
Thanks for the support Jake!
I completely agree with you Jake. Awesome content
I agree with Jake as well, his video explaining in details setting up Apple Business Manager for corporate enrolment avoided a lot of frustration with my customers.
You are the best, I hope more people watches your videos because they are very informative.
I appreciate that!
Best Video on this topic by far. Thank you for your contribution sir!
Glad it was helpful!
Thanks for this my friend. About to use this for a complex rollout of Intune. I appreciate you as always!
Thanks Wes! Hope you are doing well!
This video is amazing! I had seen the article and set it up. Nothing seemed complex. The issue was MFA and the needed the conditional access rule. Thank you!
Excellent tip by suggesting Intune Enrollment exception, I’ve seen some customers complaining they kind of alienated a bit their end users with MFA prompts while doing this 😁 this exception will take care of this 🤘🏻
Nice!
@@t-minus365 Hi Nic, been following your content for over a year now. Thank you so much, excellent work. I have a quick question regarding a problem which perhaps you have encountered. For newly logged in user on a virgin windows and therefore no Microsoft apps, everything works fine, GPO applied, device is hybrid AD joined, from dsregcmd all seems happy, policies get pushed, apps deployed BUT newly logged in user still gets a toast notification : work or school account problem: select here to fix your problem and I am asked for MFA. Microsoft Intune Enrollment has been added to the exception list in the conditional access as per your instructions. Is there something else I should be looking into ? Much appreciated.
Thank you for this video. It is so informative, and a great resource.
Amazing video thank you watched it twice
Glad you enjoyed it
Thank you. The conditional access rule works, and is the opposite from Microsofts official dokumentation..
Very helpful! Thanks!
Thanks!
Great vid thanx!
Glad you liked it!
You're the man, you turned 300 pages of MS confusion into a 16 minute video that makes sense. Quick question, I'm not even seeing that my computer is "AzureAdJoined". What do I need to do to get that to come up as a yes? Any info would be greatly appreciated!
Nice thanks! What are you seeing it as?
@@t-minus365 Thanks for the response. It was showing as not AzureAdJoined but after removing and recreating my object in Azure, it checked in properly. I then went on to mess with the conditional access policy, but I'm not sure it plays well with a 3rd party 2FA solution, we use Duo in this case. Even with the shared experiences prompt, i get a looping login and can't figure out what causes it.
can you talk more about the conditional access rule? When I try to exclude intune it says "You must configure either the "Grant" or "Session" section."
subbed. great video. i’m in the industry as well.
Thanks for the sub!
I excluded the Intune Enrollment app but still for some reason users need to verify mfa to enroll into intune. I did a full sync with on-prem and Azure AD but same results. Any thoughts?
Will device enrollment manager accounts work with hybrid joining into Intune? Using this method or is there a way to enroll into at the device level.
Can we do this in a non-hybrid environment? All my users are in AAD already. So I dont have a server running.
Great video, I can see in your "dsregcmd /status" command output your MdmUrl entry was already populated. I found that at work our machines do not have this populated, once I added it to a machine it would enrol into Endpoint Manager. My team and I are new to Azure/Endpoint Manager, how does the MdmUrl get deployed to devices? What's the best practise? Thanks
can't see enable automatic MDM using default azure in GPO is the fix ?
great video. but man is the propagation time is slow, im on my 2nd day, and i have only captures about 40 devices out of 1500 or so.
hmm idk that its propagation here, have you investigated some of the event logs for devices that havent enrolled yet? They may be showing failures.
@@t-minus365 so I found part of my problem as to why I wasn't seeing some of my computers, forgotten to turn on some containers to sync. But the container that was syncing has about 450 computer in and yeah, it's been slow. Another thing that I've noticed is that computers are taking a bit of time to show as hybrid azure ad joined.
thanks for the reply!
One more question please. What is the difference if we assign Intune license to users and ask them to download Intune portal and login? Will it not work?
That would still work just fine.
@@t-minus365 Thanks for the update.
This policy does not appear on my windows server r2! What would be the way to solve?
Not OP but have you downloaded the ADMX around the 8:30 mark?
Will it work fine with Azure AD Registered devices instead of joined? If not, how to fix it? Please suggest.
The only way is hybrid joined
@@t-minus365 Thank You for the update. If we can not implement Intune for Azure AD registered devices then could you please help that how can we move devices from Azure AD registered to Azure AD joined? I have already AAD connect installed and sync enabled. Devices are showing as Azure AD registered. It will be a great help. It is really urgent.
AzureAdPrt : NO Can anyone help