E5 services off effect devices going from Office 365 Mobile MDM to Intune (All Users have the Intune license)

51349395 21 Reputation points
2022-02-17T13:10:23.783+00:00

I have a customer that has turned off a majority of their Services/Plans. Such as the following:

Azure Active Directory Premium P1

Azure Active Directory Premium P2

Azure Information Protection Premium P1

Azure Information Protection Premium P2

Azure Rights Management

Customer Lockbox

Information Barriers

Information Protection for Office 365 - Premium

Information Protection for Office 365 - Standard

Insights by MyAnalytics

Microsoft 365 Advanced Auditing

Microsoft 365 Phone System

Microsoft Azure Multi-Factor Authentication

Microsoft Defender for Cloud Apps

Microsoft Defender for Endpoint

Microsoft Defender for Office 365 (Plan 2)

Microsoft Forms (Plan E5)

Microsoft Kaizala Pro

Microsoft MyAnalytics (Full)

Microsoft StaffHub

Office 365 Advanced eDiscovery

Office 365 Cloud App Security

Office 365 Privileged Access Management

Office 365 SafeDocs

Power Apps for Office 365 (Plan 3)

Power Automate for Office 365

Power BI Pro

Premium Encryption in Office 365

Sway

Whiteboard (Plan 3)

Windows 10/11 Enterprise (Original)

They have Hybrid Joined devices in Intune and Office 365 MDM. There is no policy set for the Office 365 MDM and my understanding is that if a user has the Intune license set to ON within the E5 license, then the device that user has should go to Intune if Azure is reporting that the MDM is Office 365 MDM. Could having any of the above Services/Plans set to OFF effect this?

I want all devices to be in only Intune!

Should any service/plan always be set to ON, like Windows 10/11 Enterprise (Original) and Azure Active Directory Premium P2 for Intune to work its best?

I think every service/plan should be set to ON but the customer requires Microsoft documentation stating so.

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,980 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,413 questions
0 comments No comments
{count} votes

Accepted answer
  1. Lu Dai-MSFT 28,386 Reputation points
    2022-02-18T01:41:28.007+00:00

    @51349395 Generally, you must first assign each user an Intune license before users can enroll their devices in Intune.
    https://learn.microsoft.com/en-us/mem/intune/fundamentals/licenses-assign
    And for Windows automatic enrollment, Azure Active Directory Premium is needed.
    https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enroll#enable-windows-automatic-enrollment

    Based on my research, some other licenses are required during intune usage. When you deploy App protection policies for Microsoft Office apps, it is needed to have some office licenses.
    https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy#app-protection-policies-for-microsoft-office-apps

    When you want to use conditional access policy, the license requirements are listed in the following article:
    https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview#license-requirements

    These are just two examples. For a better experience, it is suggested to keep licenses as more as possible based on your specific requirement.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

Sort by: Most helpful
  1. Rahul Jindal [MVP] 9,886 Reputation points MVP
    2022-02-17T22:56:54.207+00:00

    The correct way would be to switch MDM from Office 365 to Intune, assign Intune license, setup and assign policies in Intune, then remove the policies from Office 365.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.