Step 4: Set up automatic enrollment for Windows 10/11 devices
Applies to:
- Windows 10
- Windows 11
In this task, you'll set up Microsoft Intune to automatically enroll corporate-owned devices, and user-owned devices for bring-your-own-device (BYOD) deployments. You can scope automatic enrollment to some Microsoft Entra users, all users, or none.
Note
Use the information provided in this series of topics to try and evaluate Microsoft Intune. When you're ready, follow the complete process to set up Intune. For more information, see Set up Microsoft Intune.
If you don't have an Intune subscription, sign up for a free trial account to try out this tutorial.
Prerequisites
- Microsoft Intune subscription - sign up for a free trial account.
- To complete this step, you must:
- Create a user.
- Create a group.
- Sign up for the Microsoft Entra ID Free Premium trial.
Automatic MDM enrollment is a premium Microsoft Entra feature. To sign up for a Microsoft Entra ID Premium trial subscription:
- Sign in to the Microsoft Entra admin center.
- Go to Identity > Settings > Mobility.
- Select Get a free Premium trial to use this feature. This option gets you the Microsoft Entra ID Free Premium trial.
- Choose the Enterprise Mobility + Security E5 free trial option.
- Select Free trial > Activate. It can take a few minutes to activate.
Sign in to the Microsoft Intune admin center
Sign in to Microsoft Intune admin center as a Global administrator or Intune service administrator. If you've created an Intune Trial subscription, the account you created the subscription with is the Global administrator.
Set up automatic enrollment
For this example, you'll configure Microsoft Intune mobile device management (MDM) and mobile application management (MAM) enrollment settings so that corporate-owned and personal devices automatically enroll in Microsoft Intune. The MDM and MAM user scopes determine how devices and apps are managed in Intune. MDM user scope enables automatic enrollment for Microsoft Intune device management. MAM user scope enables automatic enrollment for Microsoft Intune mobile application management (MAM).
- Sign in to the Microsoft Entra admin center.
- Go to Identity > Settings > Mobility.
- Select Microsoft Intune.
- Configure the MDM and MAM user scope.
- For MDM user scope select All. Or you can select Some and select Contoso Testers as the group. Make sure users aren't members of a group targeted by the MAM user scope.
- For MAM user scope, select None. We're only setting up automatic enrollment for mobile device management.
- Use the default values for the remaining configuration values on the page.
- Choose Save.
Important
If you configure both user scope types for the same user:
- The MDM user scope takes precedence if they're on a corporate-owned device. The device automatically enrolls in Microsoft Intune when they set it up for work.
- The MAM user scope takes precedence if they bring their own device. The device doesn't enroll in Microsoft Intune for device management. Microsoft Purview Information Protection policies are applied if you configured them.
Clean up resources
To reconfigure Intune automatic enrollment, check out Set up enrollment for Windows devices.
Next steps
In this task, you learned how to set up automatic enrollment for devices running Windows 10/11. For more information about device enrollment, see Device enrollment overview.
To continue to evaluate Microsoft Intune, go to the next step:
Saran dan Komentar
Segera hadir: Sepanjang tahun 2024 kami akan menghentikan penggunaan GitHub Issues sebagai mekanisme umpan balik untuk konten dan menggantinya dengan sistem umpan balik baru. Untuk mengetahui informasi selengkapnya, lihat: https://aka.ms/ContentUserFeedback.
Kirim dan lihat umpan balik untuk