Bulk onboard Machines with Intune without User interaction?

Question

Hi,

Im trying to find a way to find a scalable option to onboard/enrol machines with Intune without user Interaction.

Is there such a way to do it? If yes, what are the prerequisites and how?

Thanks

Answer 1

Hi Patrik Jakus , Thanks for posting your query on Microsoft Q&A.

To be able to help you better, I need more information from you :

Can you elaborate more on what requirements do you have when you say 'without user interaction'? Are you looking for automatic enrollment options?

If my understanding of your question is correct, there are few ways to do it.

Option 1: Set up automatic enrollment for Windows 10/11 devices
This lets you set up Microsoft Intune to automatically enroll devices when specific users sign in to Windows 10/11 devices. To enroll, users add their work account to their personally owned devices or join corporate-owned devices to Azure Active Directory. In the background, the device registers and joins Azure Active Directory. Once registered, the device is managed with Intune.

Prerequisites

• Azure Active Directory Premium subscription (trial subscription)
• Microsoft Intune subscription
• Global Administrator permissions

Reference documents with detailed instructions:

• https://learn.microsoft.com/en-us/mem/intune/enrollment/quickstart-setup-auto-enrollment
• https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enroll#enable-windows-automatic-enrollment

Option 2: Bulk enrollment for Windows devices
As an administrator, you can join large numbers of new Windows devices to Azure Active Directory and Intune. To bulk enroll devices for your Azure AD tenant, you create a provisioning package with the Windows Configuration Designer (WCD) app. Applying the provisioning package to corporate-owned devices joins the devices to your Azure AD tenant and enrolls them for Intune management. Once the package is applied, it's ready for your Azure AD users to sign in.

Prerequisites for Windows devices bulk enrollment

• Devices running Windows 11 or Windows 10 Creator update (build 1709) or later
• Windows automatic enrollment

Reference document with detailed instructions: https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-bulk-enroll

If you have any questions at all or if you are looking for something else, please let me know in the "comments" and I can further investigate.

In case this helps, please 'Accept answer' so that it can improve discoverability for others looking for help on the same topic.

Answer 2

@Patrik Jakus, Thanks for posting in Q&A.

Currently there are 7 methods to enroll windows device into Intune. And each method has its suitable scenario.

BYOD: Enroll their personally owned devices via company portal. Ownership: Personal.

DEM: It is a special service account have permissions that let authorized users enroll and manage multiple corporate-owned devices. These types of devices are good for point-of-sale or utility apps, for example, but not for users who need to access email or company resources.

Automatic enrollment via MDM: Joins the device with Azure Active Directory and enables users to sign in to Windows with their Azure AD credentials. If Auto Enrollment is enabled, the device is automatically enrolled in Intune.

Automatic enrollment via Group Policy: Configure Active Directory group policy to automatically enroll devices that are hybrid Azure AD joined. (Join on-premise domain, register to Azure AD device to enroll into Intune. Mainly for existing domain joined device.)

Windows Autopilot: Set up and pre-configure new devices, getting them ready for productive use.

Bulk enrollment: lets an authorized user join large numbers of new corporate-owned devices to Azure Active Directory and Intune. non-user affinity, can use device license.

Co-management: lets administrators enroll their existing Configuration Manager managed devices into Intune to get the dual benefits of Intune and Configuration Manager..

https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment#windows-enrollment-methods

Among these methods, BYOD needs user to install company portal to do the enrollment.

Automatic enrollment via MDM needs user to do Azure AD join or register to auto enroll into Intune.

GPO can be automatically without user interaction. But it is only suitable for Hybrid Azure Ad join devices which means the device wants to join your on premise domain and register to Azure AD as well. Here is a link with more details for the reference:

https://learn.microsoft.com/en-us/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy

For Windows Autopilot. if this is a new device, user just needs to enter their credential to enroll. But for existing device, it needs to reset. For Bulk enroll, it also needs to apply the provisioning package to do the enrollment.

For co-management, this is mainly for the existing Configuration Manager managed devices to enroll into Intune. And it can be automatically.

https://learn.microsoft.com/en-us/mem/configmgr/comanage/quickstart-paths

Hope the above information can help.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.