MDM Enrollment

Tom Albrechtsen 1 Reputation point
2021-08-04T20:19:59.977+00:00

I am new to Endpoint and have hit a wall with a few things. I have been able to add some of our company's devices into Endpoint by going through Account --> Access work or school --> Enroll in Endpoint. This has worked with a handful of devices, but others are not allowing enrollment. I have tried to find why this is the case; what I have found is that these devices need to be changed from Azure AD registered to Azure AD joined. Is there an easy way to do this that will minimize the disruption for each user? I am also confused by this as I have one device that was successfully enrolled in Endpoint even though the Join Type is Azure AD registered. Do the devices need to be Azure AD joined?

My last question is: is there a simple way to enroll the devices that are in Azure AD into Endpoint?

Microsoft Intune Enrollment

4 answers

  1. Lu Dai-MSFT 28,356 Reputation points
    2021-08-05T04:30:11.193+00:00

    @Tom Albrechtsen Thanks for posting in our Q&A.

    To clarify this issue, we would appreciate your help in explaining some information clearly:
    1. Did you enroll the new devices to Intune, or enroll the devices that already exist in Azure AD to Intune?
    2. Did you want to make the device join type "Azure AD joined"?

    In fact, both "Azure AD registered" devices and "Azure AD joined" devices can be enrolled to Intune.

    If the device is new and not in the Azure AD portal, please refer to the following actions to enroll:
    1. Please configure automatic MDM enrollment. Set MDM user scope to "ALL" in Devices > Windows enrollment > Automatic Enrollment in the Intune portal.

    2. If you enter the account in Access work or school directly, the device will be enrolled in Intune and show "Azure AD registered".
    If you click "Join this device to Azure AD" and then enter the account, the device will be enrolled in Intune and show "Azure AD joined".

    If the device already exists in the Azure AD portal, it is suggested to click "connect" in Access work or school and enter the account again. Then check whether the device is enrolled in Intune. If the device is not enrolled in Intune, it is necessary to delete the device in the Azure AD portal and then re-enroll the device (refer to the steps for enrolling a new device).

    Hope the above information will help.



  2. Tom Albrechtsen 1 Reputation point
    2021-08-05T18:19:34.583+00:00

    @Lu Dai-MSFT
    Thanks for the response. I'll answer your questions.

    1. The devices already exist in Azure AD. The goal is to get the devices that are already in Azure AD into Intune.
    2. I want the devices to be Azure AD Joined. My confusion was that I had read that only Joined and not Registered devices could be enrolled in Intune, however I have devices of each type in my Intune.
    3. I have about 15/25 devices into Intune, the rest are giving the error that "Your device is already connected to your organization. You don't have enough privileges to perform this operation. Please talk to your admin." So to clarify that point, I need to go in and remove the device from Azure and then re-join the device using the steps you provided?

    Thanks again for the response.


  3. Tom Albrechtsen 1 Reputation point
    2021-08-11T21:09:34.977+00:00

    @Lu Dai-MSFT Thanks for the response. I will try those steps. Why are these steps required? All of the devices that have successfully enrolled in Intune have also been in Azure AD portal, but these few devices are rejecting enrollment in Intune for some reason.


  4. Lu Dai-MSFT 28,356 Reputation points
    2021-08-12T04:18:11.463+00:00

    @Tom Albrechtsen Based on my experience, if we try these steps to enroll devices, there is no error. Generally, some reasons will make the enrollment fail:

    1. There are some old records about the devices in the Intune or Azure AD portal.
    2. Automatic enrollment is not set.
    3. The version of the device is not supported.
    4. There are some enrollment restrictions to limit the device. For example: limit the number of devices.

    So, we usually check one by one in the troubleshooting process.

    It occurred to me that you have about 15/25 devices in Intune; it may be that there is a limit on the number of devices.
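The thread turns on whether a device is "Azure AD registered" or "Azure AD joined" and whether it can reach MDM enrollment. As an added example (not part of the thread and not written by either poster), this PowerShell function reads `dsregcmd /status` on a Windows device and reports the join type and any MDM URL the output carries. The function name `Get-JoinState` and the sample text are constructed for illustration.

```powershell
# Added example: classify a device's Azure AD join type from `dsregcmd /status`.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param(
        # Lines of `dsregcmd /status` output; defaults to running it on this device.
        [string[]]$StatusText = (dsregcmd.exe /status)
    )

    # Collect "Name : Value" pairs; banner and separator lines do not match.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*\S)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aadJoined    = $fields['AzureAdJoined']   -eq 'YES'
    $domainJoined = $fields['DomainJoined']    -eq 'YES'
    $registered   = $fields['WorkplaceJoined'] -eq 'YES'

    $joinType = if ($aadJoined -and $domainJoined) {
        'Hybrid Azure AD joined'
    } elseif ($aadJoined) {
        'Azure AD joined'
    } elseif ($registered) {
        'Azure AD registered'
    } else {
        'Not connected to Azure AD'
    }

    [pscustomobject]@{
        JoinType   = $joinType
        TenantName = $fields['TenantName']
        MdmUrl     = $fields['MdmUrl']   # $null when the output has no MdmUrl value
    }
}

# Constructed sample output for a registered (not joined) device.
$sample = @'
             AzureAdJoined : NO
              DomainJoined : NO
           WorkplaceJoined : YES
'@ -split "`r?`n"

Get-JoinState -StatusText $sample   # parse the sample
# Get-JoinState                     # or inspect the local device
```

Run it in the signed-in user's session, because the `WorkplaceJoined` value in `dsregcmd /status` describes the user running the command.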