what type of registration the computer has for the Microsoft Endpoint Manager

Stefan Adorjan 1 Reputation point
2021-11-17T12:28:26.297+00:00

Hello all,

I am looking for the most effective way to connect computers to MS Endpoint Manager. Unfortunately, Microsoft Endpoint Manager is completely new to me.

About 60% of the computers are already in Azure AD. Due to the number of computers, manual linking is not possible.

Most of the computers are used by several people, which makes an assignment to fixed persons (max. 5 devices per user) not reasonable.

We distribute our software via the deployment tool "Ansible".

Some of the computers are located in the domain or in workplace networks.

Only Windows 10 operating systems are in use.

Probably only mass registration with a DEM account will make sense.

I would be grateful for a helpful opinion or a link to a possible solution.

REGARDS

Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,419 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Jason Sandys 31,391 Reputation points Microsoft Employee
    2021-11-17T15:53:58.683+00:00

    The Intune enrollment methods for Windows endpoints is fully covered in the official docs at https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods.

    Based on what you've noted, I think this will be a manual process on each device using an account that is local admin (unless you plan on resetting the devices). Assuming the users have local admin permissions, they can do this themselves although yes, an IT Pro can also do this using a DEM account. Don't let any IT Pros use their own account for this though.

    For devices that aren't AAD joined, assuming they are also not AD joined and just in a workgroup, you can use a provisioning package to both join them to AAD and enroll in Intune.

    1 person found this answer helpful.
    0 comments No comments

  2. Stefan Adorjan 1 Reputation point
    2021-11-18T10:12:26.73+00:00

    Hello Jason-MSFT,
    Thank you for the feedback.

    Unfortunately, the deployment package renames all the computer names. I have no way, as it stands, to have the names stay as they are.
    This really leaves only the worst option. Actually, I wanted to just distribute the registration packages with "Ansible".

    Now I will create an additional special DEM account for all computers. That should just about fit for up to 1000 computers.

    I read that you can also put the registration link on a sharepoint page. No one at Microsoft has thought about how to take over already existing large structures completely without renaming all computers.

    A big thank you for your support. :-(


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.