Enroll Windows devices

Applies to: Intune in the Azure portal preview
Because this is a preview, details and functionality are subject to change.
Looking for documentation about the classic Intune console? Go to Intune docs for the classic portal.

Use one of the following methods to set up enrollment for Windows devices:

Set up Windows 10 and Windows 10 Mobile automatic enrollment with Azure Active Directory Premium

Automatic enrollment lets users enroll either company-owned or personal Windows 10 PCs and Windows 10 Mobile devices in Intune by adding a work or school account and agreeing to be managed. Simple as that. In the background, the user's device registers and joins Azure Active Directory. Once registered, the device is managed with Intune.

Prerequisites

  • Azure Active Directory Premium subscription (trial subscription)
  • Microsoft Intune subscription

Configure automatic MDM enrollment

  1. In the Azure management portal (https://manage.windowsazure.com), navigate to the Active Directory node and select your directory.

  2. Choose the Applications tab. Microsoft Intune appears in the list of applications.

    Azure AD apps with Microsoft Intune

  3. Select the arrow for Microsoft Intune. A page opens that enables you to configure Microsoft Intune.

  4. Select Configure to start configuring automatic MDM enrollment with Microsoft Intune.

  5. Use the default values for the following URLs:

    • MDM Enrollment
    • MDM Terms of Use
    • MDM Compliance
  6. Specify which users’ devices should be managed by Microsoft Intune. These users’ Windows 10 devices will be automatically enrolled for management with Microsoft Intune.

    • All
    • Groups
    • None
  7. Choose Save.

Enable Windows enrollment without Azure AD Premium

You can let users install and enroll their devices without Azure AD Premium automatic enrollment. If you create DNS CNAME resource records, users connect and enroll in Intune without entering a server name.

  1. Create CNAMEs (optional)
    Create CNAME DNS resource records for your company’s domain. For example, if your company’s website is contoso.com, you would create a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to enterpriseenrollment-s.manage.microsoft.com.

    Although creating CNAME DNS entries is optional, CNAME records make enrollment easier for users. If no enrollment CNAME record is found, users are prompted to manually enter the MDM server name, enrollment.manage.microsoft.com.

    If there is more than one verified domain, create a CNAME record for each domain. The CNAME resource records must contain the following information:

    CNAME resource records must have the following information:

    TYPE Host name Points to TTL
    CNAME EnterpriseEnrollment.company_domain.com EnterpriseEnrollment-s.manage.microsoft.com 1 Hour
    CNAME EnterpriseRegistration.company_domain.com EnterpriseRegistration.windows.net 1 Hour

    EnterpriseEnrollment-s.manage.microsoft.com – Supports a redirect to the Intune service with domain recognition from the email’s domain name

    If your company uses multiple domains for user credentials, create CNAME records for each domain.

    For example, if your company’s website is contoso.com, you would create a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to EnterpriseEnrollment-s.manage.microsoft.com. Changes to DNS records might take up to 72 hours to propagate. You cannot verify the DNS change in Intune until the DNS record propagates.

  2. Verify CNAME
    In the Azure portal, choose More Services > Monitoring + Management > Intune. On the Intune blade, choose Enroll devices > Windows Enrollment. Enter the URL of the verified domain of the company website in the Specify a verified domain name box, and then choose Test Auto-Detection.

  3. Tell your users how to enroll their devices and what to expect after their devices are under management.

    For end-user enrollment instructions, see Enroll your Windows device in Intune. You can also send users to What can my IT admin see on my devic.

    For more information about end-user tasks, see Resources about the end-user experience with Microsoft Intune.

No additional work is required unless you will deploy the Company Portal to devices. Steps 2 and 3 in the admin console can be safely ignored.

To submit product feedback, please visit Intune Feedback