To enable Device Enrollment, select Devices in the Microsoft Intune admin center’s navigation pane, and then select Enroll Devices, as shown in Figure 3-1.
FIGURE 3-1 Configuring Device Enrollment
You can then select from the available options in the navigation pane of the Enroll Devices blade. These options are described in Table 3-3.
TABLE 3-3 Enrollment Configuration options
| Option | Description |
| Windows Enrollment | From this blade, you can access the following settings to configure Windows Device Enrollment: Automatic Enrollment Configure Windows devices to enroll automatically when they join or register with Azure AD.Windows Hello For Business Replace passwords with two-factor authentication.CNAME Validation Verify that your company’s custom domain name registration is successful.Enrollment Status Page Configure the app and profile installation status to users during their device setup.Enrollment Notifications Configure email and push notifications to be sent to users after they enroll.Co-management Settings Configure co-management settings to integrate with on-premises Configuration Manager.Deployment Profiles Configure how provisioning works with Windows Autopilot.Devices Manage and configure devices deployed through Windows Autopilot.Intune Connector for Active Directory Configure the behavior of enrolled hybrid Azure AD–joined devices. |
| Apple Enrollment | From this node, you can configure the Apple MDM Push Certificate. You can also configure bulk enrollment methods for iOS devices. |
| Android Enrollment | By default, all Android devices can be enrolled as conventional devices. Link your Managed Google Play account to Intune from this blade. You can also configure Android Enrollment Profiles: Personally-owned Devices With Work ProfileCorporate-Owned Dedicated DevicesCorporate-Owned, Fully Managed User DevicesCorporate-Owned Devices With Work Profile |
| Enrollment device limit restrictions | You can create device platform restrictions to determine which operating system versions are permitted. A default device platform restriction, assigned to All Users, allows users to enroll any device platform. You can modify this default restriction (but you cannot delete it) or create additional restrictions. Again, a device must comply with the highest-priority platform restriction assigned to its user. |
| Enrollment device platform restrictions | You can create device platform restrictions to determine which operating system versions are permitted. A default device platform restriction, assigned to All Users, allows users to enroll any device platform. You can modify this default restriction (but you cannot delete it) or create additional restrictions. Again, a device must comply with the highest-priority platform restriction assigned to its user. |
| Corporate Device Identifiers | You can enter (or upload) Device Identifiers for corporate-owned devices. The identifier might be an IMEI number or a serial number (for Android, iOS, and macOS only). |
| Device Enrollment Managers | Add one or more users with the ability to enroll multiple devices. |
There are a number of other settings that relate to enrollment. These are described in Table 3-4.
TABLE 3-4 Other enrollment settings
| Terms and Conditions | You can access terms and conditions from the Tenant Administration node in Intune.Create and configure Terms And Conditions statements for enrolled devices. These are messages users see during Device Enrollment.It’s possible to configure multiple terms and conditions and assign them to different groups, such as your organization’s departments. |
| Device Categories | You can access device categories from the Devices node in Intune. You can then create Device Categories from which users must choose during Device Enrollment. You can filter reports and create Azure Active Directory device groups based on Device Categories.Be aware that the user is able to select any of the categories you define, and there’s no way to verify that the user has selected a suitable and accurate category. However, you can change the selected device category in the device properties in Intune. |
Typically, you’ll configure the following settings to help your users enroll their devices:
- Azure AD company branding and Azure AD device settings
- Terms and conditions
- Enrollment restrictions
- Device categories
- Configure device identifiers
- Enrollment managers
