Am slowly migrating from SCCM to Intune... beginner to Intune, your video gave great confidence to onboard myself to Intune. Appreciate your time for this informative session. Looking for more such videos. All the best. Thank you.
Glad it was helpful!
Very very important video. Very important topics covered in a very simple way. Easy to understand. Thank you Sir🙏😇
Sir you explain very well. After your video, all doubts are pretty much cleared.
Thanks and welcome
Excellent, cool explanation.
Looking for videos on other topics in Intune😊
Thank you
Thanks for the great videos, really informative, appreciate your efforts. Looking forward to upcoming videos on Intune.
Thanks Varun
Thanks for all your efforts. Nice video. Can we have more videos on Intune? Real-time troubleshooting in Intune.
Great informational video
Thanks Jaspreet
Thanks Manish wonderful video, please do regular videos.
I will try my best
Really very helpful
Hello sir, do I need Azure AD P1 as a requirement for automatic enrollment via Group Policy?
Yes, for automatic enrollment a P1 or P2 license is a must.
Excellent..Thanks
Glad you liked it!
Detailed explanation, thank you for your efforts....kindly make a video on how to combat threats, and malware and set the schedule on M365 Defender Portal, I have onboarded the machines using GPO to Defender but still couldn't figure out how to manage it. Appreciate.
Thank you!
You're welcome!
Great Video, How do I do the Administrator enrollment in a Cloud Only environment (No SCCM/No Co-Management)?
If it is cloud only (no domain involved), then you have to manually enroll the device by going to "Access work or school account"; installing and logging onto the Company Portal app will also enroll the device.
Note: keep in mind, all prerequisites such as Intune license and internet connectivity etc. will still apply.
Amazing Channel, keep it up with the good work!
In case of Hybrid Azure AD join, if we enable MDM auto enrolment, doesn't it take care of enrolling the device to Intune? In this video, you spoke about GPO to do this. I am a beginner in this area, so curious to know things.
MDM auto enrolment will work only for cloud only PC while for on-premises environment it will not work by just implementing this setting. The reason is:
For Enrollment process there are 2 steps involved:
1. Registering device to Azure (for on-premises devices - Azure AD Connect is responsible)
2. Enrolling the device (using group policy enrollment setting or SCCM co-management)
This method is fully automated (for on-premises) and users cannot enroll manually.
Is it possible to add a device that is already connected to Azure AD to enroll to Intune without using Company Portal?
Yes, if you enable MDM user scope for the user, enrollment will happen automatically for Azure AD joined devices.
@ManishBangia thanks for the reply. I have enabled MDM and the scope, selected some, created a security group, added the user to the group. When the user logs back on, the devices don't get added to Intune. Tried 3 devices with two different users, both have 365 premium licenses, not sure where I am going wrong.
What is the best way to enroll machines to Intune that are already enrolled in AD but not configured in Intune? We just have Azure AD with all the machines in. Now we want to activate Intune on every machine. New machines are not a problem, it's the existing ones.
You need to have Azure AD Connect installed on Windows Server which will act like a bridge to sync your on-premises identities to cloud. This scenario is called Hybrid Azure AD Join (Domain Join + Azure AD Join). Then you can have group policy setup for setting name MDM enrollment which is responsible for enrolling the device.
To be precise, 2 things are required for on-premises devices:
1. Hybrid Azure AD Join: Using Azure AD Connector
2. Intune Enrollment: Via Group policy
I hope this clarifies
Sir, I followed your steps for enrolling with GPO, but I can't see the devices on Intune till now.
Are devices able to do Microsoft Entra hybrid join? Have you configured Microsoft Entra connector which is responsible for hybrid join of device? Once hybrid join happens, then only Intune enrollment comes into picture.
I thought AutoPilot should be a part of automatic enrollment method?
I'm talking about AutoPilot on Microsoft Endpoint Manager admin portal
User intervention is still required even though configurations are set at the backend. After providing credentials, then only device gets enrolled.
The only realistic way is either SCCM and GPO, other methods are manual and require a lot of time
Also Autopilot does a pretty good job 🙂
Agree. Apart from GPO and SCCM, I will add Autopilot to the list as one of the most important enrollment methods.
Please make in Urdu, Hindi.. Why English????