Intune enrollment

guiot quentin 20 Reputation points
2023-06-27T10:02:08.21+00:00

Hello

Our group is migrating their PCs from SCCM managed to Intune fully managed by doing a "wipe and enroll", but we, as a subsidiary, requested to explore all the different possibilities to avoid wiping the end users' computers.

I have found some info about migrating to "co-managed" with SCCM and Intune, but the idea would be to get rid of our SCCM infrastructure at some point.

I was thinking of migrating to co-managed and then migrating from co-managed to fully managed, but it looks like this second step requires a wipe of the computer anyway.

Is there a possibility to do this migration, or is a wipe and enroll the only way to go?

Thank you

Windows 10
A Microsoft operating system that runs on personal computers and tablets.
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.

Accepted answer
  1. Crystal-MSFT 53,971 Reputation points Microsoft External Staff
    2023-06-28T01:44:25.21+00:00

    @guiot quentin, Thanks for posting in Q&A. From your description, I notice you want the device to be AAD joined and enrolled into Intune, and you don't want to wipe these devices.

    For this situation, you can consider automatic enrollment via the following steps:

    1. Enable Automatic enrollment and set MDM user scope as all.
    2. Assign the users both an Azure AD Premium license and a Microsoft Intune license.
    3. On the device side, go to Settings -> Accounts -> Access work or school, and connect with an Azure AD user account to join Azure AD and automatically enroll into Intune.

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-windows#automatic-enrollment-administrator-tasks

    For this enrollment method, the user will be a local admin on the device. If you want to change it, you can configure an Account protection policy to change it.

    https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-account-protection-policy

    For new devices, you can consider Autopilot enrollment which can define the user as a standard user. Here is a link with more details:

    https://learn.microsoft.com/en-us/mem/autopilot/profiles

    Hope the above information can help.


    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
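
A check an administrator could run on a device after the steps in the accepted answer, added here as an example and not part of the original answer or Microsoft's documentation: it parses `dsregcmd /status` for the join state and reports Azure AD users that ended up in the local Administrators group. The function names and sample values are constructed, and treating a populated `MdmUrl` as the sign that automatic enrollment applies to the user is an assumption.

```powershell
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # "Key : Value" lines; anchoring on the first ':' keeps URL values intact.
        if ($line -match '^\s*(\w+)\s*:\s*(.*\S)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    $state
}

function Get-EnrollmentFindings {
    param([hashtable]$Dsreg, [object[]]$Admins)
    $findings = @()
    if ($Dsreg['AzureAdJoined'] -ne 'YES') { $findings += 'Not Azure AD joined' }
    # The asker's goal was "PC only in AAD", so a remaining AD join is reported.
    if ($Dsreg['DomainJoined'] -eq 'YES')  { $findings += 'Still joined to on-premises AD' }
    if (-not $Dsreg['MdmUrl'])             { $findings += 'MdmUrl empty: automatic enrollment may not apply to this user' }
    foreach ($m in $Admins) {
        # With this enrollment method the joining user is a local admin by default.
        if ("$($m.PrincipalSource)" -eq 'AzureAD' -and $m.ObjectClass -eq 'User') {
            $findings += "Azure AD user in local Administrators: $($m.Name)"
        }
    }
    $findings
}

if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    $lines = dsregcmd.exe /status
    # S-1-5-32-544 is the built-in Administrators group, independent of display language.
    try   { $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop) }
    catch { Write-Warning "Could not list local Administrators: $_"; $admins = @() }
} else {
    # Constructed sample values, used only when dsregcmd is unavailable.
    $lines = @(
        '             AzureAdJoined : YES',
        '              DomainJoined : NO',
        '                    MdmUrl : https://mdm.example.invalid/enroll'
    )
    $admins = @(
        [pscustomobject]@{ Name = 'AzureAD\SampleUser'; PrincipalSource = 'AzureAD'; ObjectClass = 'User' }
    )
}
Get-EnrollmentFindings -Dsreg (ConvertFrom-DsregStatus -Lines $lines) -Admins $admins
```

An empty result means none of the checked conditions were hit; with the constructed sample the only finding is the Azure AD user in the local Administrators group.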


2 additional answers

  1. Pavel yannara Mirochnitchenko 13,326 Reputation points MVP
    2023-06-27T14:02:35.52+00:00

    If you are about to get rid of SCCM, then using GPO to enroll to MDM is the better way for you. But then your computers will still be relying on local Active Directory, so you will be stuck with that. A common scenario is that old hardware goes away and new computers are installed as cloud-only, so not getting rid of AD right away will be only a temporary problem.

  2. guiot quentin 20 Reputation points
    2023-07-11T13:53:10.72+00:00

    Hello

    I tried some solutions, but only the "wipe and enroll" one was validated by management and gave the expected results: PC only in AAD and no SCCM.

    The long-term goal is to remove all the on-prem servers, so bye bye AD and SCCM.

    Thank you for your time and answers