If they are domain joined, you can use a GPO to enroll the devices into Intune. They will be marked as corporate and not BYOD. https://video2.skills-academy.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy
I went and retired these Windows 10 devices from the old/legacy Intune portal. Now I am having problems registering the MDM on them. I found out that the users have to be a local admin of the workstation, which we don't have at the present time.
Question:
- Is there a way to register the MDM without giving local admin rights to the end users?
- In the old/legacy Intune portal, these devices are company owned. However, when I tried to register them with the new MDM client, it tries to register them as BYOD devices. Yet, these devices are already on our domain.
Thanks,
4 answers
Crystal-MSFT 45,656 Reputation points Microsoft Vendor
2020-10-16T02:22:04.737+00:00 @Lee, Tina, as far as I know, local administrative privileges are required for Bring Your Own Device (BYOD) enrollment in Intune. We can see more details in the following link:
https://video2.skills-academy.com/en-us/troubleshoot/mem/intune/no-permission-to-enroll-windows-devices
For devices in an on-premises AD domain, we can consider Nick's suggestion to automatically enroll Windows 10 devices using GPO. The following article is for reference:
https://video2.skills-academy.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy
In general, for Windows enrollment, Intune automatically assigns corporate-owned status to devices that are:
- Enrolled with a device enrollment manager account
- Joined to Azure Active Directory with work or school credentials.
- Autopilot enrollment
- Windows 10 enrollment with GPO
- Set as corporate in the device's properties list
Hope it can help.
Lee, Tina 1 Reputation point
2020-10-20T05:11:16.103+00:00 Hi Crystal-MSFT.
Thanks for following up with me. We did follow this suggestion:
For Device in on premise AD domain, we can consider Nick's suggestion to automatically enroll windows 10 device using GPO. The following article for the reference:
https://video2.skills-academy.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy
However, we are still having some problems with it. There's a part in the documentation where it talks about this part:
Additionally, verify that the SSO State section displays AzureAdPrt as YES.
And the text is showing SSO = NO.
I am not sure if maybe our Azure tenant is not joined correctly or we are missing something in the configuration setup.
If you can point me in the right direction, I would appreciate it.
I also have Microsoft technical support open on this too.
Thanks again,
s ganesamoorthy 161 Reputation points
2020-10-20T05:57:25.187+00:00 It seems the device has not been connected to Azure for a long time. The PRT is valid for 14 days and will be renewed when the user is using the device.
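
The AzureAdPrt check discussed in this thread can be scripted together with the other prerequisites for GPO-driven enrollment. This is an added example, not part of any post above and not Microsoft's own tooling. It assumes it is run as the signed-in domain user (the PRT state is reported per user), and the registry path and the `dsregcmd /status` field names other than AzureAdPrt are not quoted in the thread.

```powershell
# Added example: check hybrid-join and PRT prerequisites for GPO-based MDM auto-enrollment.
# Run in the signed-in user's session, not as SYSTEM: AzureAdPrt is reported per user.

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # dsregcmd prints "  Name : Value"; capture everything after the first colon
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-AutoEnrollReadiness {
    param([hashtable]$State, $Policy)
    $findings = @()
    if ($State['DomainJoined'] -ne 'YES') {
        $findings += 'Device is not joined to the on-premises domain.'
    }
    if ($State['AzureAdJoined'] -ne 'YES') {
        $findings += 'Device is not registered in Azure AD (hybrid join incomplete).'
    }
    if ($State['AzureAdPrt'] -ne 'YES') {
        $findings += 'No Primary Refresh Token for this user (AzureAdPrt is not YES).'
    }
    if (-not $Policy -or $Policy.AutoEnrollMDM -ne 1) {
        $findings += 'Auto-enrollment policy value AutoEnrollMDM is not set to 1.'
    }
    return $findings
}

$status = ConvertFrom-DsregStatus -Lines (dsregcmd.exe /status)

# Location the auto-enrollment GPO writes to (assumption: not stated in the thread)
$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$policy = Get-ItemProperty -Path $policyPath -ErrorAction SilentlyContinue

$findings = @(Test-AutoEnrollReadiness -State $status -Policy $policy)

# Print the fields that matter, including PRT timestamps for judging staleness
'DomainJoined', 'AzureAdJoined', 'TenantName', 'AzureAdPrt',
'AzureAdPrtUpdateTime', 'AzureAdPrtExpiryTime' |
    ForEach-Object { '{0,-22} {1}' -f $_, $status[$_] }

if ($findings.Count -eq 0) { 'All checked prerequisites are met.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

If AzureAdPrt is NO while AzureAdJoined is YES, the PRT timestamps in the output show whether the token was ever issued or has simply gone stale.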