In this post, you learn how to configure the MDM authority and the MDM user scope, which controls who can enroll their devices into Intune. If you have not read my previous posts, I recommend reading them first to get a full understanding of the Intune guide.
- Intune Guide Post 1 – How to Install Configure Azure AD Connect
- Intune Guide Post 2 | ADD Connect Sync | ADSyncScheduler
Prerequisites
The following prerequisites are required to enroll Windows 10 devices:
- Intune enabled as the MDM authority
- Windows 10 1703 and above for testing
- EMS E3 licenses (or at the very least Intune and Azure AD premium P1)
In this series of posts, I'm going to explain the end-to-end process of building an Intune lab environment. It's assumed that you already have a domain controller and all the on-prem servers. More details about building a domain controller here.
Enable MDM (Mobile Device Management)
For tenants on the 1911 service release and later, the MDM authority is set to Intune by default.
For pre-1911 service release tenants:
In the Microsoft Endpoint Manager admin center, select the orange banner to configure the MDM authority.
Select Intune MDM Authority.
Configuring Intune MDM User Scope and MAM User Scope
To configure your MDM and MAM user scope, go to,
In the left-hand panel, select Mobility (MDM and MAM) and open Microsoft Intune Enrollment.
- In the Microsoft Intune Enrollment tab,
- Set the MDM user scope to Some
- To select the Intune user groups, click No Group selected
- Select the Intune User security group (I have created the Azure security group to add users who will be part of Intune enrollment)
- Click Select to confirm the Azure security group
- Click Save to save the settings
Configuration has been saved successfully
Windows 10 Enrollment
Add the out-of-box Windows 10 device to Azure AD.
Enter the user name and click Next.
Enter the password of the domain account and click Next.
Device configuration is in progress.
Click Yes to continue the device setup.
The Windows 10 device is now joined to Azure AD. Use Settings to verify the user account information.
The device is Azure AD joined and MDM compliant.
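To check the same join and MDM state from a command line instead of the Settings app, the following PowerShell is an added example, not part of the original post. It parses the output of `dsregcmd /status`; the function names and the embedded sample output are assumptions constructed for illustration.

```powershell
# Parse "Key : Value" lines from `dsregcmd /status` into a hashtable.
function ConvertFrom-DsRegStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Data lines look like "   AzureAdJoined : YES"; banner lines start with | or +.
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9]*)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

# Summarise whether the device is Azure AD joined and has an MDM endpoint.
function Test-IntuneEnrollmentState {
    param([hashtable]$State)
    $joined = $State['AzureAdJoined'] -eq 'YES'
    $mdmUrl = $State['MdmUrl']
    [pscustomobject]@{
        AzureAdJoined = $joined
        TenantName    = $State['TenantName']
        MdmUrl        = $mdmUrl
        # An empty MdmUrl on a joined device commonly means the user who joined it
        # is outside the MDM user scope group or has no Intune license assigned.
        MdmConfigured = $joined -and -not [string]::IsNullOrWhiteSpace($mdmUrl)
    }
}

# Constructed sample output, used when dsregcmd.exe is not available.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
              DomainJoined : NO

+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+

                TenantName : Contoso-Lab (constructed)
                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
'@ -split "`r?`n"

$lines = if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) { dsregcmd.exe /status } else { $sample }
Test-IntuneEnrollmentState -State (ConvertFrom-DsRegStatus -Lines $lines)
```

Run it in the enrolled user's session on the Windows 10 device; `MdmConfigured` being false on a joined device is the cue to recheck the MDM user scope group membership and licensing.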
Original article by 奋斗. If you repost it, please credit the source: https://blog.ytso.com/notes/278639.html