This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 40%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES0%3C/text%3E%3C/svg%3E)
Hi,
We have a environment with win 10 devices of version 1803 managed by SCCM. We are getting Intune implemented for Autopilot activities with limited user in group for windows auto enrollment, where we target to only get new devices (1909) provisioned by Autopilot to be Hybrid AAD joined and to be co-management (pilot collection defined). so existing win 10 1803 are out of scope for co-management and we do not have auto-enrollment enabled at SCCM. We are in plan to sync the on-premise OU defined on premise for win 10 to sync with azure and to be used for Autopilot activities. Request help in understanding device behavior of these old Win 10 devices already available in this OU after syncing with Azure,
1) will the old win 10 (1803) devices be Azure joined by default SCCM cloud service client settings
2) if a user is licensed and is part of the group allowed for windows auto enrollment at Intune, will their existing device get enrolled to Intune as well
3) if old device is enrolled to Intune, as they are not part on co-management collection at SCCM will they receive policy or apps from Intune?
Any help or suggestion here is much appreciated
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 66%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
application are targeted to user groups from Intune, so if user is already licensed and are part of group allowed for auto enrollment at Intune, what will be the impact on the existing device post sync?
Thanks in advance
Nothing, unless something from my point 2 above occurs. If the user is part of the group used for auto enrollment, that just means that the device can enroll into Intune if used by one of the methods in the answer for 2.
Thank you... so far devices are just hybrid AD joined :)
If you wanted to prevent users from manually enrolling them (through Company Portal, Windows Settings, or Office 365 etc) you can block personal Windows 10 devices using device restriction policies https://learn.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set#blocking-personal-windows-devices