| title | titleSuffix | description | keywords | author | ms.author | manager | ms.date | ms.topic | ms.service | ms.subservice | ms.localizationpriority | ms.assetid | ms.reviewer | ms.suite | search.appverid | ms.custom | ms.collection | |||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Enable MDM automatic enrollment for Windows | Microsoft Intune |
Enable Intune automatic enrollment for Windows devices joining or registering with your Microsoft Entra ID. |
Lenewsad |
lanewsad |
dougeby |
07/25/2024 |
how-to |
microsoft-intune |
enrollment |
high |
f94dbc2e-a855-487e-af6e-8d08fabe6c3d |
maholdaa |
ems |
MET150 |
intune-azure |
|
Applies to
- Windows 10
- Windows 11
[!INCLUDE azure_portal]
Simplify device enrollment by enabling automatic enrollment in Microsoft Intune. This enrollment method enables devices to enroll automatically when they join or register in Microsoft Entra ID. Enrollment in Intune occurs when:
- A Microsoft Entra user adds their work or school account to their personal device.
- A corporate-owned device joins to your Microsoft Entra ID.
Automatic enrollment can be used in the following device management and provisioning scenarios:
- Bring-your-own-device (BYOD), personal devices
- Bulk enrollment
- Group Policy
- Windows Autopilot (user driven and self-deploying)
- Co-management with Configuration Manager
This article describes how to enable automatic mobile device management (MDM) enrollment for personal and corporate-owned devices.
You must have:
- A Microsoft Entra ID P1 or P2 subscription or Premium trial subscription for automatic MDM enrollment and custom company branding.
- A Microsoft Intune subscription.
- A Microsoft Entra Global Administator or Intune Administrator role. For more information about role-based-access-control (RBAC), see RBAC with Microsoft Intune.
[!INCLUDE AAD-enrollment]
The Microsoft Intune user-help docs provide conceptual information, tutorials, and how-to guides for employees and students setting up their devices for work. You can point people directly to the Intune docs, or use these articles as guidance when developing and updating your own device management docs.
Users on personal devices running Windows 11 or Windows 10 can automatically enroll by adding their work or school account on their device, or by using the Intune Company Portal app. Devices running earlier versions of Windows must enroll using the Intune Company Portal app. For more information, see Enroll Windows 10/11 devices.
You can also let unlicensed admins sign in to the Intune admin center to help with troubleshooting and support. For more information, see Unlicensed admins.
-
Device users must access the Company Portal website through Microsoft Edge to view apps assigned for specific versions of Windows. Other browsers such as Google Chrome, Mozilla Firefox, and Internet Explorer do not support this type of filtering.
-
After enrollment, you'll see two records in the Microsoft Intune admin center if automatic MDM enrollment is disabled and devices are joined to Microsoft Entra ID. To stop the duplicate records, instruct users on joined devices to Settings > Accounts > Access work or school. Then they can Connect using the same account.
For information about how to integrate and use automatic enrollment when provisioning devices, see:
- Windows Autopilot scenarios
- Enroll a Windows client device automatically using Group Policy
- Enable co-management in Configuration Manager
If you're not using automatic enrollment as part of your enrollment or provisioning solution, we recommend creating a domain name server (DNS) alias (known as a CNAME record type) that redirects enrollment requests to Intune servers. For more information, see Enable automatic discovery of Intune enrollment server.