Win 10 behavior when Windows auto enrollment is enabled in Intune

svjs-0437 201 Reputation points
2020-09-07T14:14:10.197+00:00

Hi,

We have an environment with Win 10 devices of version 1803 managed by SCCM. We are getting Intune implemented for Autopilot activities with limited users in the group for Windows auto enrollment, where we target to only get new devices (1909) provisioned by Autopilot to be Hybrid AAD joined and to be co-managed (pilot collection defined). So existing Win 10 1803 devices are out of scope for co-management and we do not have auto-enrollment enabled at SCCM. We plan to sync the on-premises OU defined for Win 10 with Azure, to be used for Autopilot activities. We request help in understanding the device behavior of these old Win 10 devices already available in this OU after syncing with Azure:

1) Will the old Win 10 (1803) devices be Azure joined by the default SCCM cloud service client settings?
2) If a user is licensed and is part of the group allowed for Windows auto enrollment at Intune, will their existing device get enrolled to Intune as well?
3) If an old device is enrolled to Intune, as they are not part of the co-management collection at SCCM, will they receive policy or apps from Intune?

Any help or suggestion here is much appreciated.


Accepted answer
  1. Nick Hogarth 3,436 Reputation points
    2020-09-07T22:30:31.193+00:00
    1. The setting is to register them in Azure AD (which will make them Hybrid Azure AD Joined; this is a default setting in Windows 10 as well), not to Azure AD Join them. If the devices have been synced by Azure AD Connect, then the policy will enable the devices to become Hybrid Azure AD Joined (which is required for co-management).
    2. No, unless the user either manually enrolls into Intune, or you have a GPO to enroll them in Intune, or if the co-management policy has those devices targeted.
    3. I am not sure if the behaviour has changed in later versions of Windows 10, but I believe ConfigMgr will take precedence over every workload even if it is enrolled in Intune. Also, as a side note, if the device is not a member of the Azure AD Group that the apps/policies are targeted to, then it will never receive them.
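
As an added example (not part of the original thread): a small Python parser for saved `dsregcmd /status` output that separates the join states the accepted answer distinguishes (Hybrid Azure AD Joined versus Azure AD Joined) and reports whether an MDM URL is populated. The sample outputs, domain name and URL are constructed placeholders, and reading a populated `MdmUrl` as "MDM enrollment is configured for this user" rather than "the device is enrolled" is an assumption.

```python
import re

# Constructed, trimmed samples of `dsregcmd /status` output (placeholder values).
SAMPLE_HYBRID = """\
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
| Tenant Details                                                       |
                TenantName : Contoso
                    MdmUrl : https://mdm.example.invalid/discovery
"""
SAMPLE_DOMAIN_ONLY = """\
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
"""

def parse_dsregcmd(text):
    """Return {field: value} for each 'Name : value' line; banner lines are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z]\w*)\s+:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def classify(text):
    """Map the two join flags to a join state and note whether MdmUrl is set."""
    f = parse_dsregcmd(text)
    aad = f.get("AzureAdJoined", "NO").upper() == "YES"
    dom = f.get("DomainJoined", "NO").upper() == "YES"
    if aad and dom:
        state = "hybrid-azure-ad-joined"   # on-prem domain join plus Azure AD registration
    elif aad:
        state = "azure-ad-joined"          # cloud-only join, no on-prem domain
    elif dom:
        state = "domain-joined-only"       # not yet registered in Azure AD
    else:
        state = "not-joined"
    # Assumption: a populated MdmUrl is a hint about MDM scope, not proof of enrollment.
    return {"join_state": state, "mdm_url_present": bool(f.get("MdmUrl"))}

if __name__ == "__main__":
    for name, sample in (("hybrid", SAMPLE_HYBRID), ("domain-only", SAMPLE_DOMAIN_ONLY)):
        print(name, classify(sample))
```
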
