I went and retire these Windows 10 devices from the old/legacy Intune portal. Now having problems registering the MDM on them.

Lee, Tina 1 Reputation point
2020-10-15T21:05:52.387+00:00

I went and retire these Windows 10 devices from the old/legacy Intune portal. Now having problems registering the MDM on them. Found out that the users have to be a local admin of the workstation which we don't have at the present time.

Question:

  1. Is there a way to register the MDM without giving local admin rights to the end users?
  2. In the old/legacy Intune portal, these devices are company owned. However, when I tried to registered them to the new MDM client, it's trying to registered as BYOD devices. Yet, these devices are already on our domain.

Thanks,

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,656 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,213 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Nick Hogarth 3,431 Reputation points
    2020-10-15T23:06:16.82+00:00

    If they are domain joined, you can use a GPO to enroll the devices into Intune. They will be marked as corporate and not BYOD. https://learn.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

    0 comments No comments

  2. Crystal-MSFT 40,706 Reputation points Microsoft Vendor
    2020-10-16T02:22:04.737+00:00

    @Lee, Tina , Based as I know, Local administrative privileges are required for Bring Your Own Device (BYOD) enrollment in Intune. we can see more details in the following link:
    https://learn.microsoft.com/en-us/troubleshoot/mem/intune/no-permission-to-enroll-windows-devices

    For Device in on premise AD domain, we can consider Nick's suggestion to automatically enroll windows 10 device using GPO. The following article for the reference:
    https://learn.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

    In General, for the windows enrollment, Intune automatically assigns corporate-owned status to devices that are:

    • Enrolled with a device enrollment manager account
    • Joined to Azure Active Directory with work or school credentials.
    • Autopilot enrollment
    • Windows 10 enrollment with GPO
    • Set as corporate in the device's properties list

    Hope it can help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. Lee, Tina 1 Reputation point
    2020-10-20T05:11:16.103+00:00

    Hi Crystal-MSFT.

    Thanks for following up with me. We did follow this suggestion:
    For Device in on premise AD domain, we can consider Nick's suggestion to automatically enroll windows 10 device using GPO. The following article for the reference:
    https://learn.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

    However, we are still having some problems with it. There's a part in the documentation where it talks about th is part:
    Additionally, verify that the SSO State section displays AzureAdPrt as YES.
    And the text is showing SSO = NO.

    I am not sure if maybe our Azure tenant is not joined correctly or we are missing something in the configuration setup.

    If you can point me in the right direction, I would appreciate it.

    I also have Microsoft technical support open on this too.

    Thanks again,


  4. s ganesamoorthy 161 Reputation points
    2020-10-20T05:57:25.187+00:00

    Seems the device is not connected to Azure for a longer time, PRT is valid for 14 days and will be renewed when the user using the device

    0 comments No comments