Setting up Windows 10 devices in Intune
You will see questions about Microsoft Intune, configuration profiles, and compliance policies. You won't see any questions about how to set up a device in Intune, but I thought it was important for you to see, so I've created a lesson. If you have already set up Intune to work with Windows devices, or are only concerned about passing the MS-500, feel free to skip this lesson.
There are three common ways to join a Windows computer to Intune.
- First, manually. In short, you tell the Windows computer to join.
- Second, automatically through the domain. In short, we can sync all the domain-joined devices to Azure AD and then tell Azure AD to join all the computers to Intune.
- Third, by using Autopilot. We won't be reviewing Autopilot in this lesson.
Before we can do anything, there's a bit of configuration to do on the back end. We'll need to configure a user scope. The user scope determines which Azure AD joined computers are enrolled in Intune.
How to configure auto-enrollment
1. Go to Microsoft Endpoint Manager admin center > Devices > Enroll devices > Windows enrollment > Automatic Enrollment. Set the MDM user scope to All. Click Save.
How to manually join a Windows computer to Intune
First things first. Let's manually join a Windows computer to Azure AD and then let Azure AD automatically join the computer to Intune.
1. On the Windows device you want to join, click Start menu > Settings.
2. Click Accounts.
3. Click Access work or school > Connect. Enter your Microsoft 365 username and password. Complete the MFA prompt if required.
That's it! Simply wait 15 minutes or so and you'll see the device in the Endpoint Manager admin center.
How to sync all your computers from the domain to Intune
Since we have auto-enrollment configured in Intune, any devices that show up in Azure AD will automatically be enrolled in Intune. So how about we sync all of our domain-joined computers to Azure AD?
1. Log on to the server that is running AD Connect.
2. Run the Azure AD Connect wizard. (Typically it's an icon on the desktop, but its default location is "C:\Program Files\Microsoft Azure Active Directory Connect\AzureADConnect.exe".)
3. Click Configure.
4. Click Configure device options > Next.
5. Click Next. Enter your Microsoft 365 global admin username and password. Click Next.
6. Verify Configure Hybrid Azure AD join is checked. Click Next. Check the Windows 10 or later domain-joined devices checkbox. Click Next.
7. Check the box next to your forest. Set the Authentication Service to Azure Active Directory. Click Add. Enter your on-premises Enterprise admin credentials. Click OK. Click Next.
8. Click Configure. Click Exit.
That should be it. During the next sync, you should see all the devices sync from your on-premises AD to Azure AD.
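To confirm on the device itself that the manual join or the hybrid join described above took effect, you can read the output of the built-in dsregcmd /status command. The following is an added example, not part of the original lesson: the function name Get-JoinState and the sample lines are constructed for illustration, and treating a populated MdmUrl as "the signed-in user is inside the MDM user scope" is an assumption about how the tenant reports it.

```powershell
# Classify a device's join state from `dsregcmd /status` output.
function Get-JoinState {
    param([string[]]$StatusLines)

    # dsregcmd prints "Name : Value" pairs; collect them into a hashtable.
    # Section banners such as "| Device State |" do not match and are skipped.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined']   -eq 'YES'
    $domain = $fields['DomainJoined']    -eq 'YES'
    $wpj    = $fields['WorkplaceJoined'] -eq 'YES'

    # Hybrid join means both the on-premises domain and Azure AD report YES.
    if     ($aad -and $domain) { $joinType = 'Hybrid Azure AD joined' }
    elseif ($aad)              { $joinType = 'Azure AD joined' }
    elseif ($wpj)              { $joinType = 'Azure AD registered' }
    elseif ($domain)           { $joinType = 'On-premises domain joined only' }
    else                       { $joinType = 'Not joined' }

    [pscustomobject]@{
        JoinType   = $joinType
        TenantName = $fields['TenantName']
        MdmUrl     = $fields['MdmUrl']
        # Assumption: an empty MdmUrl means the user is outside the MDM user scope.
        MdmInScope = -not [string]::IsNullOrWhiteSpace($fields['MdmUrl'])
    }
}

# Constructed sample lines in the shape dsregcmd prints (not from a real device).
$sample = @(
    '|  Device State  |',
    '    AzureAdJoined : YES',
    '     DomainJoined : YES',
    '       TenantName : Contoso-Sample',
    '           MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc',
    '  WorkplaceJoined : NO'
)
Get-JoinState -StatusLines $sample

# On a real device, pass the live output instead:
# Get-JoinState -StatusLines (dsregcmd /status)
```

A domain-joined computer that still reports "On-premises domain joined only" after a sync cycle has not completed the hybrid join, so it will not appear in Intune yet.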