Configuring Azure Active Directory (Azure AD) for automatic device enrollment into Microsoft Intune is a crucial step in streamlining the management of Windows devices in your organization. Here’s a step-by-step guide on how to configure Azure AD for device auto-join to Intune:
Prerequisites:
- You should have an active Azure AD and Microsoft Intune subscription.
- Ensure you have administrative access to both Azure AD and Intune.
- Make sure you have Windows 10 or later devices to be enrolled.
Step 1: Sign in to Azure Portal
- Go to the Azure portal and sign in with an account that has the necessary administrative privileges for Azure AD and Intune.
Step 2: Configure Automatic Device Enrollment
- In the Azure portal, navigate to “Azure Active Directory.”
- In the left-hand menu, select “Devices.”
- Under the “Device settings” section, click on “Device enrollment settings.”
- On the “Device enrollment – settings” page, configure the following settings:a. Default device enrollment type: Choose “Azure AD joined.”b. Migrate all devices: Set this to “Yes.”c. Block personal Windows devices: Decide whether you want to block personal Windows 10 devices from being automatically enrolled. Choose “Yes” or “No” as per your organization’s policy.d. Profile type: Select “All.”e. User scope: Choose the appropriate user scope that defines which users can auto-enroll their devices.f. Device type: Select “All.”g. Automatic enrollment for MDM only: Set this to “All.”h. Users may join devices to Azure AD: Choose “All.”
- Click the “Save” button to save your settings.
Step 3: Assign Users and Devices
- Now, you need to assign users and devices to the Azure AD group that you want to be automatically enrolled. To do this:a. In the Azure portal, go to “Azure Active Directory” > “Groups.”b. Select the group you want to assign for automatic enrollment.c. Under “Members,” add the users whose devices you want to enroll.d. Under “Devices,” add the Windows 10 or later devices that you want to enroll automatically.e. Click the “Save” button to apply the changes.
Step 4: Verify Configuration
- To verify that your configuration is working correctly:a. On one of the Windows 10 devices that you assigned to the group, go to “Settings” > “Accounts” > “Access work or school.”b. Click “Connect” to enroll the device into Intune and Azure AD automatically.
Step 5: Monitor and Troubleshoot
- Once devices are automatically enrolled, you can monitor and manage them through the Microsoft Intune portal. Review device compliance, apply policies, and deploy apps as needed.
That’s it! You have successfully configured Azure AD for automatic device enrollment into Microsoft Intune. This ensures that Windows 10 or later devices assigned to the designated Azure AD group will be automatically enrolled in Intune and managed according to your organization’s policies.
