Intune Automatic Enrollment Attributes Visible to Non-Administrators

Maranya, Damon 316 Reputation points
2022-04-05T20:31:27.293+00:00

We are preparing to enroll our fleet of Windows 10 devices with Intune using the Intune automatic enrollment group policy.

We have multiple users that are not based in locations with access to a domain controller. As a result, these users will be coming in to an office that does have DC access to trigger the group policy, and then returning to their work locations.

The problem I'm stuck on is that I need to find a way to inform the users when the enrollment task has been created, so that they can get back to their respective locations.

But the task is only visible to users with administrator permissions on the device, and most of our users do not have local administrator permissions. I have the same problem with GPResult, which is not exactly the same thing, but it would be the next best thing that I know of.

Does anyone know of an attribute that's visible to a standard user account and would confirm the creation of the requisite enrollment task? Or failing that, whether or not the group policy was successfully applied?


2 answers

  1. Lu Dai-MSFT 28,346 Reputation points
    2022-04-06T04:17:22.107+00:00

    @Maranya, Damon Thanks for posting in our Q&A. It seems there is no method to make the task visible to a standard user account. Based on my understanding, if we want to apply the GPO to a standard user, we need to ask the users to restart their devices to apply the policy.

    Then wait for some time and check if it shows the "Info" button under Settings > Accounts > Access work or school > click on your work or school account. If yes, it means that GPO enrollment is successful.

    Or please try to check if it shows Event ID: 75, with the message “Auto MDM Enroll: Succeeded” in Event Viewer's Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider > Admin. If yes, it indicates that the auto-enrollment succeeded.

    Hope it will give you some ideas.


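The Event ID 75 check from the answer above can be scripted with `Get-WinEvent`. This is an added example, not part of either poster's reply: the function name and the look-back parameter are hypothetical, and Event ID 76 (failure) comes from Microsoft's auto-enrollment documentation rather than this thread. Whether a standard account can read this log is not established in the thread, so the script reports an access-denied result separately.

```powershell
# Added example (not from the thread). The log name and Event ID 75 come from the
# answer above; Event ID 76 is the failure event in Microsoft's enrollment docs.
function Get-AutoMdmEnrollStatus {           # hypothetical helper name
    [CmdletBinding()]
    param(
        [int]$LookbackHours = 24             # assumed window; widen for slow enrollments
    )

    $filter = @{
        LogName   = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostic-Provider/Admin'
        Id        = 75, 76
        StartTime = (Get-Date).AddHours(-$LookbackHours)
    }

    try {
        $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
    }
    catch {
        # No matching events yet: enrollment has not reported a result in this window.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            return [pscustomobject]@{ Status = 'NoResultYet'; Time = $null; Detail = $null }
        }
        # The calling account is not allowed to read this channel.
        if ($_.Exception -is [System.UnauthorizedAccessException]) {
            return [pscustomobject]@{ Status = 'AccessDenied'; Time = $null; Detail = $_.Exception.Message }
        }
        throw
    }

    # Report the most recent result in the window.
    $latest = $events | Sort-Object TimeCreated -Descending | Select-Object -First 1
    $status = if ($latest.Id -eq 75) { 'Succeeded' } else { 'Failed' }
    [pscustomobject]@{ Status = $status; Time = $latest.TimeCreated; Detail = $latest.Message }
}

Get-AutoMdmEnrollStatus -LookbackHours 48 | Format-List
```

The result reflects the enrollment outcome only; it says nothing about whether the scheduled task has been created.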

  2. Maranya, Damon 316 Reputation points
    2022-04-06T13:53:45.82+00:00

    Thanks for the suggestion @Lu Dai-MSFT.

    Unfortunately this isn't an option as some enrollments are taking 14 or more hours to complete. We have a case open with Microsoft on that issue. But progress has not been as fast as one might hope.

    In the meantime I'm looking for a way to let the end user know that the group policy has been successfully applied and the scheduled task has been created, so that they can disconnect from the domain network and return to their offices, which have internet access but not visibility into our domain. That will be fine for the Intune enrollment process as I understand it.

    Anyone have any other ideas?