This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 86%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Hello, maybe someone can help with this question.
The devices have been Entra Joined for a long time. However, the Auto enrollment to MDM (Intune) option was disabled.
https://learn.microsoft.com/en-us/mem/intune/enrollment/quickstart-setup-auto-enrollment
I turned it on and now I'm waiting for devices to start being added to Intune. However, 3 hours have passed and still no device. I'm starting to worry and hope that nothing needs to be done on the users' side, because they do not have administrative privileges for this kind of action.
How long should I wait and what else is required?
Thank you.
The auto enrollment works at the time Entra ID joining. Do you use a remote management tool? If yes, then you can push a PS script to force the MDM enrollment process.
No, I won't be able to execute the script remotely. Computers are located at users' homes.
Do I need to escalate my privileges?
What command can be used to execute enrolmen?
Thank you.
I don't even have a local administrator password.
Perhaps installing Company Portal will help accomplish this?
Ok, looks like global admins are local admins group members.
Yes, it would be great to find a way to run the command for Entra ID joined devices without Intune :)
I had to write instructions for users and add the “Microsoft Entra Joined Device Local Administrator” role to them, otherwise they would not be able to add it to Intune.
In the instructions, I used the settings of the Access Work or School system. You must click "Enroll only in device management"
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@Mountain Pond, Thanks for posting in Q&A.
For your issue, could you please share with us what kind of enrollment method you are using?
If you turn on the Auto enrollment to MDM option, the device will just automatically join Intune when you perform the enrollment method, if you just turn on the Auto enrollment to MDM option and do nothing, the device will not automatically enroll in Intune, also, please check the requirements.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment#prerequisites
You can either use Company Portal to enroll the device into Intune or use the Bulk Enrollment enrolment method to create a provisioning package and place it in the network folder to enroll the device into Intune or Using BYOD method to enroll devices into Intune.
https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-bulk-enroll
Note: the enrollment may take a few hours or overnight, and ensure your Internet is stable.
Hope above information can be helpful.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
I had to write instructions for users and add the “Microsoft Entra Joined Device Local Administrator” role to them, otherwise they would not be able to add it to Intune.
In the instructions, I used the settings of the Access Work or School system. You must click "Enroll only in device management"