intune liense requirement / MS365

Michael Novak 41 Reputation points
2021-03-25T10:09:30.68+00:00

Hello everyone,
I have a slight problem understanding whether I need a separate Intune license or not for my scenario:

  • Company of 10 users-
  • Licenses: Microsoft 365 Standard for most users, E3 for one user
  • I am the only Global Admin
  • I am the only person managing / installing / maintaining user computers, users are standard non-admin users
  • Devices (Windows 10 laptops) are enrolled as Azure AD joined machines
  • I do not need standard users to enroll their devices on their own as I do it for them
  • I am not using Autopilot, or Conditional Access policies, the only policies I need to use are Configuration policies (i.e. to configure some Windows "GPO" settings, Onedrive, etc.)
  • I am able to use Endpoint Manager, set policies, and propagate them, etc.

My question:
Do I still need to buy a separate Intune license for this scenario and assign it to the user?

Thanks
Michael

Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
847 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
2,098 questions
No comments
{count} votes

Accepted answer
  1. Lu Dai-MSFT 20,911 Reputation points Microsoft Employee
    2021-03-29T08:27:31.79+00:00

    @Michael Novak Thanks for your update.

    For MDM is "Office 365 Mobile", it means the device is managed by office 365. It is needed to switch to intune. We can refer to the following article to switch. On the next MDM check-in, MDM will switch to intune.
    https://learn.microsoft.com/en-us/mem/intune/fundamentals/mdm-authority-set#set-mdm-authority-to-intune

    For MDM is "None", it means the devices just join in Azure AD. It is needed to get intune license and delete the device in Azure AD poral. Then re-enroll the device.


    If the response is helpful, please click "Accept Answer" and upvote it.

    No comments

9 additional answers

Sort by: Most helpful
  1. Pa_D 1,046 Reputation points
    2021-03-25T18:45:33.897+00:00

    Intune is not part of M365 Standard, you might be using the Basic MDM.

    Check out the features, if you want to use full Intune, you need to buy appropriate license.
    https://learn.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune?view=o365-worldwide

    No comments

  2. Michael Novak 41 Reputation points
    2021-03-25T19:30:24.807+00:00

    Hello,
    I am well aware of this well known fact, and the mentioned article, i.e. the differences between Basic MDM and full Intune.
    My question, however was different. I was asking if I need a separate license for standard users and what exactly is this license needed for standard user. It is apparent that I was able to enroll Windows 10 machines to Intune with no problems. Also, I can normally log in to the Endpoint manager, set Intune policies and see them being propagated to Azure AD joined Windows 10 machines.

    No comments

  3. Lu Dai-MSFT 20,911 Reputation points Microsoft Employee
    2021-03-26T03:28:43.827+00:00

    @Michael Novak Thanks for posting in our Q&A.

    For this requirement, I have done the test in my lab. Here is the process in my test:
    First, I enrolled my windows device with Global admin account. Then I deployed a confoguration profile to a user with license and a user without license. The configuration profile worked on these two users.

    However, intune portal can't monitor the device or user status under the configuration profile.
    81728-image.png

    So, it is not suggested to use a Global admin account to enroll all devices. It is not an official method.

    In conclusion, we still need to buy intune license for standard users and use standard users to enroll their own device.

    Thanks for understanding and have a nice day.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    No comments

  4. Michael Novak 41 Reputation points
    2021-03-26T07:12:18.683+00:00

    Thank you for your clarification.

    However, I was able to enroll the device under standard user's name during initial Windows 10 installation even without Intune license.

    Just fyi, I have checked this myself, and I see user device under "Device status".

    I would still like to understand why exactly standard users need an Intune license when it now appears we can do it without Intune license. 81825-screen-shot-2021-03-26-at-80612-am.png