
E5 services off affect devices going from Office 365 Mobile MDM to Intune (All Users have the Intune license)

Christopher Cass 21 Reputation points
2022-02-17T13:10:23.783+00:00

I have a customer that has turned off a majority of their Services/Plans. Such as the following:

Azure Active Directory Premium P1

Azure Active Directory Premium P2

Azure Information Protection Premium P1

Azure Information Protection Premium P2

Azure Rights Management

Customer Lockbox

Information Barriers

Information Protection for Office 365 - Premium

Information Protection for Office 365 - Standard

Insights by MyAnalytics

Microsoft 365 Advanced Auditing

Microsoft 365 Phone System

Microsoft Azure Multi-Factor Authentication

Microsoft Defender for Cloud Apps

Microsoft Defender for Endpoint

Microsoft Defender for Office 365 (Plan 2)

Microsoft Forms (Plan E5)

Microsoft Kaizala Pro

Microsoft MyAnalytics (Full)

Microsoft StaffHub

Office 365 Advanced eDiscovery

Office 365 Cloud App Security

Office 365 Privileged Access Management

Office 365 SafeDocs

Power Apps for Office 365 (Plan 3)

Power Automate for Office 365

Power BI Pro

Premium Encryption in Office 365

Sway

Whiteboard (Plan 3)

Windows 10/11 Enterprise (Original)

They have Hybrid Joined devices in Intune and Office 365 MDM. There is no policy set for the Office 365 MDM and my understanding is that if a user has the Intune license set to ON within the E5 license, then the device that user has should go to Intune if Azure is reporting that the MDM is Office 365 MDM. Could having any of the above Services/Plans set to OFF affect this?

I want all devices to be in only Intune!

Should any service/plan always be set to ON, like Windows 10/11 Enterprise (Original) and Azure Active Directory Premium P2 for Intune to work its best?

I think every service/plan should be set to ON but the customer requires Microsoft documentation stating so.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Intune | Other

Answer accepted by question author

Lu Dai-MSFT 28,531 Reputation points
2022-02-18T01:41:28.007+00:00

@Christopher Cass Generally, you must first assign each user an Intune license before users can enroll their devices in Intune.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/licenses-assign
And for Windows automatic enrollment, Azure Active Directory Premium is needed.
https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enroll#enable-windows-automatic-enrollment

Based on my research, some other licenses are required during Intune usage. When you deploy app protection policies for Microsoft Office apps, you need to have some Office licenses.
https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy#app-protection-policies-for-microsoft-office-apps

When you want to use a Conditional Access policy, the license requirements are listed in the following article:
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview#license-requirements

These are just two examples. For a better experience, it is suggested to keep as many licenses as possible based on your specific requirements.


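A license audit for the two prerequisites named in the accepted answer, added here as an example (not code from the thread or from Microsoft): it reads Microsoft Graph `licenseDetails` data and flags users whose Intune or Azure AD Premium service plan is switched off in every SKU they hold. The sample data, user names and function names are constructed for illustration.

```python
import json

INTUNE = "INTUNE_A"                               # Intune service plan name
AAD_PREMIUM = {"AAD_PREMIUM", "AAD_PREMIUM_P2"}   # Azure AD Premium P1 / P2

# Constructed sample, not tenant data: per user, the "value" array of
# GET /users/{id}/licenseDetails (Microsoft Graph).
SAMPLE = json.loads("""{
 "alice@example.com": [{"skuPartNumber": "SPE_E5", "servicePlans": [
   {"servicePlanName": "INTUNE_A", "provisioningStatus": "Success"},
   {"servicePlanName": "AAD_PREMIUM", "provisioningStatus": "Disabled"},
   {"servicePlanName": "AAD_PREMIUM_P2", "provisioningStatus": "Disabled"}]}],
 "bob@example.com": [
  {"skuPartNumber": "SPE_E5", "servicePlans": [
   {"servicePlanName": "INTUNE_A", "provisioningStatus": "Disabled"},
   {"servicePlanName": "AAD_PREMIUM_P2", "provisioningStatus": "Success"}]},
  {"skuPartNumber": "INTUNE_A", "servicePlans": [
   {"servicePlanName": "INTUNE_A", "provisioningStatus": "Success"}]}],
 "carol@example.com": [{"skuPartNumber": "SPE_E5", "servicePlans": [
   {"servicePlanName": "INTUNE_A", "provisioningStatus": "Disabled"},
   {"servicePlanName": "AAD_PREMIUM", "provisioningStatus": "Success"}]}]
}""")

def enabled_plans(license_details):
    """Plans that at least one assigned SKU provides with a status other than Disabled."""
    return {plan["servicePlanName"]
            for sku in license_details
            for plan in sku.get("servicePlans", [])
            if plan.get("provisioningStatus") != "Disabled"}

def enrollment_gaps(license_details):
    """List which of the two enrollment prerequisites the user is missing."""
    plans = enabled_plans(license_details)
    gaps = []
    if INTUNE not in plans:
        gaps.append("no enabled Intune plan: user cannot enroll devices in Intune")
    if not plans & AAD_PREMIUM:
        gaps.append("no enabled Azure AD Premium plan: no Windows automatic enrollment")
    return gaps

def audit(users):
    """Map each user that has at least one gap to the list of gaps."""
    return {upn: gaps for upn, d in users.items() if (gaps := enrollment_gaps(d))}

if __name__ == "__main__":
    for upn, gaps in audit(SAMPLE).items():
        print(upn, "->", "; ".join(gaps))
```
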


1 additional answer

  1. Rahul Jindal 11,631 Reputation points
    2022-02-17T22:56:54.207+00:00

    The correct way would be to switch MDM from Office 365 to Intune, assign the Intune license, set up and assign policies in Intune, then remove the policies from Office 365.


