This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 67%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
I have a tenant in which Windows devices are Azure AD joined. The environment doesn't have local AD. Intune is not configured. Now I want to enroll all
the Windows devices in Intune automatically. Is there a automatic way to enroll the existing Azure AD joined windows devices to Intune?
Any suggestion would be helpful.
Hi... devices that are already AADJ are not going to enroll automatically in Intune. Even when you configure the MDM scope and license the users.. You will not to perform some manual labor :)
https://call4cloud.nl/2020/05/intune-auto-mdm-enrollment-for-devices-already-azure-ad-joined/
Hi... devices that are already AADJ are NOT going to enroll automatically in Intune. Even when you configure the MDM scope and license the users.. You will not to perform some manual labor :)
https://call4cloud.nl/2020/05/intune-auto-mdm-enrollment-for-devices-already-azure-ad-joined/
You need to enable User MDM Scope for User group or for All Users. You also need to have a intune license (M365 Business premium, E3 or E5) to end user assigned. After this is done, AAD devices should be appeared in Intune automatically. Underline me, if this is not happening and I can help you forward.
Hi,
Thankyou for the response. I went through some articles and haven't found any automatically enrollment mechanism and they suggested it has to be done using manual process, however the comments are of Aug 2022.
I have this understanding, that if your Intune mdm scope is activated, user have a license and computers joins AAD manually, it will automatically join Intune. I might be wrong. If this doesn't work for you, I can test this scenario myself. Is there a need for testing or will you try yourself :)
@Ramesh Rao so I did perform the test;
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 47%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEB%3C/text%3E%3C/svg%3E)
Hi Pavel this only works when you already have Intune setup. In cases where you azure joined the devices with licensed that do not include Intune, then later upgrade your licenses, even if you change the scope to all and change the user licenses to Intune they do not get automatically enrolled. Only new ones going forward.
Yep... but with a simple deviceenroller command the device could manually be enrolled (if you have an rmm tool :))
@Rudy Ooms I was able to run a script locally on a machine while logged into a licensed cloud user, not so lucky running out of Kace remotely. Any ideas?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Ramesh Rao, Thanks for posting in Q&A.
Currently, to enroll existing Azure AD joined devices to Intune, the options we can try are as below which mentioned by the article Rudy provided:
Option 1: Group Policy. (Local Group Policy)
Option 2. Registry:
Option 3. PowerShell
If there are a lot such devices, I think PowerShell script maybe more suitable for you.
Meanwhile, please ensure the Microsoft Intune licenses and Azure AD Premium license are assigned. And the MDM user scope under Automatic enrollment is set as all.
In General, there are many enrollment methods for windows device. If you have any new device which is not Azure AD joined yet, you can choose one method according to your situation. Here is a link with the details of windows enrollment methods for your reference:
https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-windows
Hope it can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Ramesh Rao, Hope things are going well. I am writing to see if there's anything else we can help. If yes, feel free to let us know.