Enrolling devices in Microsoft Intune is necessary for managing devices through MDM authority. The Intune service can control devices, push various applications, settings, policies, and perform tasks such as resetting, wiping, and restarting devices. To enroll devices in Intune, there are two phases: first, the device must be registered in Azure AD, and then it must be enrolled in Intune, which creates an MDM certificate necessary for communication with the Intune service.
Microsoft Intune is closely integrated with Azure AD, and users/groups can be managed through both the Azure AD Portal and the MEM Admin center (Intune Portal). Before enrolling devices, certain prerequisites must be met, such as setting the MDM authority to Microsoft Intune and assigning Intune licenses to users. Supported operating systems for Intune include Android, iOS/iPadOS, Linux, macOS, and Windows.
Two methods can be used for enrolling devices: user-driven and automatic enrollment. User-driven enrollment requires users to perform the enrollment themselves, which can be done through the Company Portal App, accessing the work or school account, or joining the device to Azure Active Directory. Automatic enrollment, on the other hand, is administrator-based and does not require user interaction.
Device Enrollment Manager (DEM) is a special use case for enrolling up to 1000 devices, and it comes with various limitations and restrictions. Automatic enrollment can be done through Group Policy or SCCM Co-management, which allows for the dual management of devices between SCCM and Intune. Provisioning packages can also be created using Windows Configuration Designer for bulk enrollment and enrolling Windows IoT Core devices.
Enrolling devices in Intune is a crucial step for effective device management. By following the prerequisites and enrollment methods outlined above, organizations can ensure that their devices are securely and efficiently managed through the Intune service.