Windows
Enroll Windows 10 device in Azure Active directory and Microsoft Intune /|\-------------------------------------------------------------------------------|> How to enroll Windows 10 device in Azure Active directory and Microsoft Intune /|\-------------------------------------------------------------------------------|> To join a brand-new Windows 10 device : ---------------------------------------- 1 - Start up your new device and begin the Windows Out of Box Experience. 2 - On the Sign in with Microsoft screen, type your work or school email address. To make sure you're joined (new device) ---> Open Settings, and then select Accounts. To join an already configured Windows 10 device : ------------------------------------------------- 1 - Open Settings, and then select Accounts. 2 - Select Access work or school, and then select Connect. 3 - On the Set up a work or school account screen, select Join this device to Azure Active Directory. Alternate action : 1- Join this device to Azure Active Directory 2- Join thsi device to a local Active Directory domain ------------------------------------------------------------------------------------------------------------------------ 1-Any user for enrollment they should have Microsoft intune license (Enterprise Mobility- Security E5) 2- User is allow to enroll the devise in Azure AD / Intune Automatic enrollment should be enable in Azure AD MDM andMAM #This can be configured in two location #Intune : home > Devices > Windows Enrollment > Make sure Automatic Enrollment configured #Azure AD Portal : Mobility (MDM and MAM) 3- if using cutome Domain name : make sure configured DNS recored for Azure Ad and Intune registration (two Recored) #Intune : home > Devices > CNAME Validation #If you are using the deafult .onmicrosoft no need How to enroll : ############### log in to Windows 10 --->> Setting -> Accounts -> Access work or School -> Connect -> Join this device to Azure Active directory ------------------------------------------------------------------------------------------------------------------------------------------ --------------------------------- Hybrid Azure AD joined devices : --------------------------------- Sometimes called “mini-joined computer accounts”, these are computers that are on-prem Active Directory joined accounts that are also joined to Azure AD via Azure AD Connect or ADFS configuration. The mini join allows administrators to perform some functions with Microsoft Intune. Users can also benefit from Intune management by enrolling an existing device to Azure AD, which occurs when you install Office 365 and during login select “Allow my organization to manage my device.” However, most device management exercises like configuration policies and software deployment continue with on-prem-based solutions (or third-party solutions). -------------------------- Azure AD joined devices : -------------------------- These are devices that are joined to Azure Active Directory only. Microsoft Intune will take over the functions of Group Policy. You will need to rely on Intune for software deployment or use another third-party solution. Applications will need to rely on Azure AD for authentication unless special services and configurations are made. .