About Windows device enrollment with Intune Company Portal

Applies to

  • Windows 10
  • Windows 11
  • Windows 8.1
  • Windows 8.1 RT

By enrolling your device in Intune, you get secure access to work or school apps on your mobile device, and access to apps in Intune Company Portal. The Company Portal app also monitors your device settings to make sure they meet your organization's requirements and syncs things (like apps, policies, and updates) from your organization to your device.

This article describes what else to expect once you've enrolled your device.

What happens on all devices after enrollment

After you enroll any Windows device (mobile or desktop) in Intune:

  • You can access your org's network, email, and work files.

  • You can install work or school apps from the Company Portal website and app. (Note: for Windows 7 and Windows Vista, you can only get these apps from the Company Portal website.)

  • Your work or school email is automatically set up.

  • You can reset your phone to factory settings if it's lost or stolen.

What happens on Windows PCs after enrollment

In addition to everything under What happens on all devices after enrollment, after you enroll a Windows PC in Intune:

  • Software is installed on the computer so that IT support can manage the computer. IT support can automatically update this software.

  • Intune Endpoint Protection might be installed on your computer. This software checks for viruses and malware.

  • IT support can't view or make changes to anything on your hard drive but Intune needs access to the hard drive on your Windows device to make sure that it's configured to meet your organization's device/security requirements. This is the same kind of access that Intune needs on a mobile device (for example, on an Android or iOS device).

  • IT support can install apps and updates on your computer.

IT support permissions

When you enroll your device, you are giving IT support permission to:

  • Reset your device back to the manufacturer's default settings. This is helpful if the device is lost or stolen.

  • Remove work-related files and business apps. Personal data and settings aren't removed.

  • See the software installed on the device, including software you've personally installed.

  • Set requirements on your device, like requiring you to have a device password or PIN. Your org might also limit how many times you can enter an incorrect password, and might lock you out of the device if you try too many times.

  • Require you to encrypt the data on your device to help protect company data, in case your device is lost or stolen.

  • Require you to accept terms and conditions.

  • Block you from using the device camera or screenshot feature. This restriction limits the sharing of work-related data.

Device syncing for updates

Every eight hours, enrolled devices will sync with Intune to get the latest updates and policies from your org. During check-in the device can:

  • Download policy or app updates.

  • Receive hardware inventory updates.

  • Receive app inventory updates.

Next steps