This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I need some advice on best practices and the steps involved in utilizing Intune to onboard and register a user with a Windows 10 or 11 OS PC.
These are remote users with M365 E3 and M365 F3 licences assigned who are not connected to my on-premise AD DS.
Each individual has a personal computer running Windows 10 or 11 and is connected to the internet from their home.
My goal here is to be able to onboard and enrol their computer with Intune to deploy software and enforce some security policy to use M365 platform and other resources in Azure.
I would be very grateful for any assistance.
If you dont have an additional rmm tool or something to manage the device ,it would be up to the end user to manually enroll the device.
https://video2.skills-academy.com/en-us/mem/intune/user-help/enroll-windows-10-device
But... "personal computer" please beware of what you are getting yourself into! Maybe a better idea would be to use MAM for windows (edge) to access company resources from those devices or give those users a cloud PC.
But restricting their personal devices... i wouldn't be okay with that if it was my own device ... let alone think of what happens when somehow the device gets bitlocker encrypted, reboots ask for the recovery key but somehow that key isn't uploaded to azure... guess who they will blame :) ... not me :P
OK, so if I supply them with a brand new computer from the local PC store, how can they enrol the PC to Azure/Entra ID, and then to Intune?
Autopilot should be the way to go ...I assume the local pc store doesnt know how to upload the hash. But if they could... that would be the way to go
@Rudy Ooms ,
I'm still in the planning stage so yes, I assume the Autopilot will require the computer to be enrolled in/with Intune first.
Does the new Windows 10/11 computer out of the box have Azure AD / Entra ID joined, and then Intune will be auto-enrolled?
The idea behind autopilot is that the hardware vendor should upload the hardware hash to our tenant.. if the device powerup it will try to determine if its an autopilot device and would find the proper tenant.
it will prompt the user to enter his username and password and if everything is configured properly it will start enrolling into azure ad and intune automatically
OK so in this case, what procedure do I need to perform to start the Autopilot device enrolment to intune?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@EnterpriseArchitect , Thanks for posting in Q&A. For Autopilot enrollment, if the new device includes Autopilot service when purchasing it, then you can ask OEM Reseller or partner to do the Autopilot registration. If the Autopilot service is not included, then we need to manually do Autopilot registration.
https://video2.skills-academy.com/en-us/autopilot/registration-overview
To do Windows Autopilot user-driven Microsoft Entra join, we can refer the steps in the following link:
https://video2.skills-academy.com/en-us/autopilot/tutorial/user-driven/azure-ad-join-workflow
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@EnterpriseArchitect Hope the above information can help. If there's anything else we can help, feel free to let us know.