Step 4: Set up automatic enrollment for Windows 10/11 devices

Applies to:

• Windows 10
• Windows 11

In this task, you'll set up Microsoft Intune to automatically enroll corporate-owned devices, and user-owned devices for bring-your-own-device (BYOD) deployments. You can scope automatic enrollment to some Microsoft Entra users, all users, or none.

Note

Use the information provided in this series of topics to try and evaluate Microsoft Intune. When you're ready, follow the complete process to set up Intune. For more information, see Set up Microsoft Intune.

If you don't have an Intune subscription, sign up for a free trial account to try out this tutorial.

Prerequisites

• Microsoft Intune subscription - sign up for a free trial account.
• To complete this step, you must:
  • Create a user.
  • Create a group.
  • Have Microsoft Entra ID P1 or P2 or the Premium trial subscription. You can activate a free Premium trial subscription during setup.

Sign in to the Microsoft Intune admin center

Sign in to Microsoft Intune admin center as a Global administrator or Intune service administrator. If you've created an Intune Trial subscription, the account you created the subscription with is the Global administrator.

Set up automatic enrollment

For this example, you'll configure Microsoft Intune mobile device management (MDM) enrollment settings so that corporate-owned and personal devices automatically enroll in Microsoft Intune. MDM user scope enables automatic enrollment for Microsoft Intune device management.

1. In the Microsoft Intune admin center, go to Devices > Enrollment.
2. Go to the Windows tab. Then select Automatic Enrollment.

Important

Automatic MDM enrollment is a premium Microsoft Entra feature available for Microsoft Entra ID Premium subscribers. If you can't see the automatic enrollment settings, select Automatic MDM enrollment is available only for Microsoft Entra ID Premium subscribers to activate a free trial.

3. Select Microsoft Intune.
4. Configure the MDM and WIP user scope.
   1. For MDM user scope select All. Or you can select Some and select Contoso Testers as the group. Make sure users aren't members of a group targeted by the WIP user scope.
   2. For WIP user scope, select None. We're only setting up automatic enrollment for mobile device management.
5. Use the default values for the remaining settings on the page.
6. Choose Save.

Important

If you configure both user scope types for the same user:

• The MDM user scope takes precedence if they're on a corporate-owned device. The device automatically enrolls in Microsoft Intune when they set it up for work.
• The WIP user scope takes precedence if they bring their own device. The device doesn't enroll in Microsoft Intune for device management. Microsoft Purview Information Protection policies are applied if you configured them.

Clean up resources

To reconfigure Intune automatic enrollment, see Set up enrollment for Windows devices.

Next steps

In this task, you learned how to set up automatic enrollment for devices running Windows 10/11. For more information about device enrollment, see Device enrollment overview.

To continue to evaluate Microsoft Intune, go to the next step:

Step 5 - Enroll your Windows 10/11 device