question

MichaelNovak-7529 avatar image
0 Votes"
MichaelNovak-7529 asked LuDaiMSFT-0289 edited

intune liense requirement / MS365

Hello everyone,
I have a slight problem understanding whether I need a separate Intune license or not for my scenario:

  • Company of 10 users-

  • Licenses: Microsoft 365 Standard for most users, E3 for one user

  • I am the only Global Admin

  • I am the only person managing / installing / maintaining user computers, users are standard non-admin users

  • Devices (Windows 10 laptops) are enrolled as Azure AD joined machines

  • I do not need standard users to enroll their devices on their own as I do it for them

  • I am not using Autopilot, or Conditional Access policies, the only policies I need to use are Configuration policies (i.e. to configure some Windows "GPO" settings, Onedrive, etc.)

  • I am able to use Endpoint Manager, set policies, and propagate them, etc.

My question:
Do I still need to buy a separate Intune license for this scenario and assign it to the user?

Thanks
Michael






mem-intune-generalmem-intune-enrollment
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered

@MichaelNovak-7529 Thanks for your update.

For MDM is "Office 365 Mobile", it means the device is managed by office 365. It is needed to switch to intune. We can refer to the following article to switch. On the next MDM check-in, MDM will switch to intune.
https://docs.microsoft.com/en-us/mem/intune/fundamentals/mdm-authority-set#set-mdm-authority-to-intune


For MDM is "None", it means the devices just join in Azure AD. It is needed to get intune license and delete the device in Azure AD poral. Then re-enroll the device.


If the response is helpful, please click "Accept Answer" and upvote it.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PaD-7009 avatar image
0 Votes"
PaD-7009 answered

Intune is not part of M365 Standard, you might be using the Basic MDM.

Check out the features, if you want to use full Intune, you need to buy appropriate license.
https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune?view=o365-worldwide

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MichaelNovak-7529 avatar image
0 Votes"
MichaelNovak-7529 answered

Hello,
I am well aware of this well known fact, and the mentioned article, i.e. the differences between Basic MDM and full Intune.
My question, however was different. I was asking if I need a separate license for standard users and what exactly is this license needed for standard user. It is apparent that I was able to enroll Windows 10 machines to Intune with no problems. Also, I can normally log in to the Endpoint manager, set Intune policies and see them being propagated to Azure AD joined Windows 10 machines.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered

@MichaelNovak-7529 Thanks for posting in our Q&A.

For this requirement, I have done the test in my lab. Here is the process in my test:
First, I enrolled my windows device with Global admin account. Then I deployed a confoguration profile to a user with license and a user without license. The configuration profile worked on these two users.

However, intune portal can't monitor the device or user status under the configuration profile.
81728-image.png

So, it is not suggested to use a Global admin account to enroll all devices. It is not an official method.

In conclusion, we still need to buy intune license for standard users and use standard users to enroll their own device.

Thanks for understanding and have a nice day.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



image.png (38.3 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MichaelNovak-7529 avatar image
0 Votes"
MichaelNovak-7529 answered LuDaiMSFT-0289 commented

Thank you for your clarification.

However, I was able to enroll the device under standard user's name during initial Windows 10 installation even without Intune license.

Just fyi, I have checked this myself, and I see user device under "Device status".

I would still like to understand why exactly standard users need an Intune license when it now appears we can do it without Intune license. 81825-screen-shot-2021-03-26-at-80612-am.png



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@MichaelNovak-7529 Thanks for your response.

For this strange situation, we appreciate your help to collect some information to clarify this issue:
1.Please show the screen shots of the settings of the standard user's license.
81829-image.png
2.What method did you use to enroll the device?
3.Could you please check if the device is in intune portal and who is the device's primiary user?
81863-image.png

Note: please cover private information.

If there is anything update, feel free to let us know.


0 Votes 0 ·
image.png (33.1 KiB)
image.png (39.8 KiB)
MichaelNovak-7529 avatar image
0 Votes"
MichaelNovak-7529 answered LuDaiMSFT-0289 commented

Hello,
Thanks for getting back to me.
This was a new device with Windows 10 preinstalled. Standard user's account was used during initial setup to join the machine to Azure AD.


81846-screen-shot-2021-03-26-at-111958-am.png81894-screen-shot-2021-03-26-at-111728-am.png




· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@MichaelNovak-7529 Thanks for your update.

Could you please click on the license "Microsoft 365 Business Standard" and show me specific licenses included?

0 Votes 0 ·
MichaelNovak-7529 avatar image
0 Votes"
MichaelNovak-7529 answered MichaelNovak-7529 edited

Requested screenshots attached.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered

@MichaelNovak-7529 Could you please check if the device's MDM shows "intune" in Azure AD portal? If MDM is not intune, it means the device is not managed by intune.
82275-image.png



image.png (85.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MichaelNovak-7529 avatar image
0 Votes"
MichaelNovak-7529 answered MichaelNovak-7529 edited

MDM value on devices with users having Business Standard license says "None", interestingly enough, MDM value on device of the user with Intune license (other user) has value of "Office 365 Mobile". Is this Basic Mobility and Security?

There is an option to switch to Intune, but I would like to keep testing this on one device only for now, and keep using Basic MDM for other users.

Is it OK to switch this?

Thanks

82318-screen-shot-2021-03-29-at-100908-am.png



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MichaelNovak-7529 avatar image
0 Votes"
MichaelNovak-7529 answered LuDaiMSFT-0289 edited

Thank you very much for your explanation. It was indeed helpful. I have a very minor question - the device / user with Intune license assigned has device ownership as "Uknown" and I am unable to change it.

Thanks82257-screen-shot-2021-03-29-at-102948-am.png



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@MichaelNovak-7529 Not sure if this problem is caused by not being managed by Intune. It is suggested to first enroll the device successfully and then check the ownership.

If the problem exists again, please post a new one and we will discuss it together.

I am in urgent need of your Mark, please please click "Accept Answer" and upvote my last answer. Thanks very much and have a nice day. : )

0 Votes 0 ·