Introduction

You manage device identity and authentication so users can securely access corporate resources from any device. This module explains how Microsoft Entra ID represents devices, the difference between registration, Entra join, and hybrid join, and how device-based authentication and trust support Intune management and Conditional Access.

In this module, you will:

  • Describe what device objects are and which attributes matter for management.
  • Compare device registration, Entra join, and hybrid join to choose the right approach.
  • Describe Windows Hello for Business options (key trust, certificate trust) and the role of TPM.
  • Configure common join and enrollment flows and troubleshoot device trust issues.

Scenario

Contoso IT is preparing to onboard 1,200 endpoints across remote and on-premises users. You need a repeatable plan that ensures corporate devices are joined and enrolled for management, personal devices provide a device signal for Conditional Access, and hybrid domain-joined machines continue to access on-premises resources. This module walks through the identity decisions and operational steps you use to meet those goals.

How to use this module

Work through the concept sections, try the configuration examples in a test tenant or pilot group, and use the troubleshooting checks when devices fail to join or enroll. The knowledge check at the end validates your understanding of common scenarios.