Microsoft Intune – Device Enrollment

What is MDM Device Enrollment?

To manage mobile devices, you must first enroll them in Microsoft Intune. During enrollment, an MDM enrollment certificate is issued to each device, and this certificate is used to communicate with the device.

You can even restrict the enrollment to specific platforms.

Categories of Devices

Multiple categories of devices can be enrolled in Intune. The supported operating systems are:

  1. Android
  2. iOS/iPadOS
  3. macOS
  4. Windows 10

Enrollment Methods

Each operating system has its own set of enrollment methods in Intune, and Microsoft keeps adding new ones. The device enrollment methods currently available are as follows:

iOS/iPadOS

  1. Bring Your Own Devices (BYOD)
    • You don’t need to reset your device
    • The device is associated with a single user
  2. Device Enrollment Manager (DEM)
    • You can create a single account to enroll up to 1000 devices
    • Intune device license is required for each device to enroll devices using this method.
    • The reset is not required.
    • The device cannot be associated with a single user
  3. Apple Automated Device Enrollment (AADE)
    • Apple has its own device enrollment manager, which can be used to automatically enroll corporate-owned devices into Intune.
    • The reset is required to automatically enroll the devices in Intune.
  4. USB-SA
    • IT admins can create an enrollment profile using Setup Assistant and export it to Apple Configurator.
    • Users are prompted to run Setup Assistant to enroll their devices.
  5. USB-Direct
    • Admins have to enroll each device manually by creating an enrollment policy and exporting it to Apple Configurator.

Android

  1. Android Device Admin:
    • It is initiated by the user by downloading the Company Portal application from Google Play Store.
    • The user has admin control over the device and can remove the Company Portal application at any time.
  2. Android Enterprise Work Profile:
    • A separate work profile is set up on the Android device, which keeps personal and work data separate.
  3. Android Device Enrollment Manager:
    • Android DEM is used to enroll up to 1000 devices in a single account.
    • Intune Device License is required to enroll devices using the DEM account.
  4. Android Device admin with Zebra Mobility Extension
    • Zebra devices can be enrolled into Intune using Zebra’s Mobility Extension.
    • You can use the DEM account to enroll up to 100 Zebra devices with a single account.
  5. Android Enterprise Dedicated
    • Corporate-owned Android devices can use this method to enroll automatically.
    • You will need a Managed Google Play Account.
  6. Android Enterprise Fully Managed
    • Android fully managed devices are associated with a single user and exclusively used for work.
    • Managed Google Play accounts are used to install applications.
    • You can prevent users from resetting the device.

macOS

  1. Bring Your Own Device (BYOD)
  2. Device Enrollment Manager (DEM)
    • You can enroll a corporate-owned Mac device using a DEM account, which can be used to enroll up to 1000 devices.
  3. Apple Automatic Device Enrollment (AADE)

Windows 10

  1. Bring Your Own Device (BYOD)
    • You can enroll your personal Windows 10 device to access corporate data from your device.
  2. Device Enrollment Manager (DEM)
    • Device Enrollment Manager account can be used to enroll up to 1000 devices using a single account.
  3. Auto-Enrollment
    • Automatic Enrollment for Windows 10 devices can be set up on your Azure Portal.
    • You can update the CNAME records for your company domain.
    • Once users connect their device to the domain, it is automatically enrolled in Intune.
  4. Autopilot
    • Autopilot enrollment simplifies the enrollment of corporate-owned Windows 10 devices in Intune.
    • The device list can be updated in the Intune portal, and when the new devices are turned on, they are automatically enrolled in Intune.
  5. Bulk Enrollment
    • Windows Configuration Designer can be used for bulk enrollment.
    • Enrollment packages can be created, and a Device Enrollment Manager (DEM) account can be used to enroll Windows 10 devices.
  6. Co-management
    • Co-management is primarily used in companies that use both SCCM and Intune for device management.
    • You can configure settings in Intune to link it with SCCM and co-manage already enrolled devices through Intune and SCCM.
  7. Group Policy Enrollment (GPO Enrollment)
    • Existing Windows 10 devices that are joined to Active Directory can be enrolled in Intune using Group Policy Enrollment.
    • AD-joined Windows 10 devices running version 1709 or later can be enrolled in Intune.
    • The devices must not already be enrolled in Intune; otherwise, you will get the error 0x80180026.
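
The three Group Policy Enrollment conditions above can be checked on a device before the policy is applied. The following PowerShell pre-check is an added example, not code from the original article or from Microsoft; the function names are hypothetical, and the registry location used to detect an existing MDM enrollment is an assumption.

```powershell
# Pre-flight check for Group Policy (GPO) MDM enrollment, based on the three
# conditions listed above. Function and parameter names are hypothetical.
function Test-GpoEnrollmentReadiness {
    param(
        [Parameter(Mandatory)][int]  $BuildNumber,
        [Parameter(Mandatory)][bool] $PartOfDomain,
        [Parameter(Mandatory)][bool] $AlreadyEnrolled
    )
    $blockers = @()
    # Windows 10 version 1709 corresponds to OS build 16299.
    if ($BuildNumber -lt 16299) { $blockers += "Build $BuildNumber is older than 1709 (16299)" }
    if (-not $PartOfDomain)     { $blockers += 'Device is not joined to Active Directory' }
    if ($AlreadyEnrolled)       { $blockers += 'Device is already enrolled; expect error 0x80180026' }
    [pscustomobject]@{ Ready = ($blockers.Count -eq 0); Blockers = $blockers }
}

# Collects the three facts from the local machine.
function Get-LocalEnrollmentFacts {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    # Assumption: an existing MDM enrollment appears as a subkey of this
    # registry path whose ProviderID value is 'MS DM Server'.
    $enrolled = $false
    $root = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
    if (Test-Path $root) {
        $enrolled = [bool](Get-ChildItem $root -ErrorAction SilentlyContinue |
            Get-ItemProperty -Name ProviderID -ErrorAction SilentlyContinue |
            Where-Object { $_.ProviderID -eq 'MS DM Server' })
    }
    @{
        BuildNumber     = [int]$os.BuildNumber
        PartOfDomain    = [bool]$cs.PartOfDomain
        AlreadyEnrolled = $enrolled
    }
}

# Constructed sample inputs (not taken from real devices).
Test-GpoEnrollmentReadiness -BuildNumber 15063 -PartOfDomain $true -AlreadyEnrolled $false
Test-GpoEnrollmentReadiness -BuildNumber 19045 -PartOfDomain $true -AlreadyEnrolled $true

# On a Windows device, evaluate the local machine as well.
if ($env:OS -eq 'Windows_NT') {
    $facts = Get-LocalEnrollmentFacts
    Test-GpoEnrollmentReadiness @facts
}
```

A device that reports Ready = False with the "already enrolled" blocker should be investigated rather than re-enrolled, since an unexpected existing enrollment may point to a different management authority.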
