Set up Windows device management
|Applies to: Intune in the classic portal|
|Looking for documentation about the Intune Azure portal preview? Go here.|
Use one of the following methods to set up enrollment for Windows devices:
- This method is applicable only for Windows 10 and Windows 10 Mobile devices.
- You must have Azure Active Directory Premium to use this method. Otherwise, use the enrollment method for Windows 8.1 and Windows Phone 8.1.
- If you choose not to enable automatic enrollment, use the enrollment method for Windows 8.1 and Windows Phone 8.1.
- You must use this method to enroll Windows 8.1 and Windows Phone 8.1 devices.
Set up Windows 10 and Windows 10 Mobile automatic enrollment with Azure Active Directory Premium
Automatic enrollment lets users enroll either company-owned or personal Windows 10 PCs and Windows 10 Mobile devices in Intune by adding a work or school account and agreeing to be managed. Simple as that. In the background, the user's device registers and joins Azure Active Directory. Once registered, the device is managed with Intune.
- Azure Active Directory Premium subscription (trial subscription)
- Microsoft Intune subscription
Configure automatic MDM enrollment
Choose the Applications tab. Microsoft Intune appears in the list of applications.
Select the arrow for Microsoft Intune. You'll see a page that enables you to configure Microsoft Intune.
Select Configure to start configuring automatic MDM enrollment with Microsoft Intune.
Use the default values for the following URLs:
- MDM Enrollment
- MDM Compliance
- Specify which users’ devices should be managed by Microsoft Intune. These users’ Windows 10 devices will be automatically enrolled for management with Microsoft Intune.
- Choose Save.
Set up Windows 8.1 and Windows Phone 8.1 enrollment by configuring CNAME
You can let users install and enroll their devices by using the Intune Company Portal. If you create DNS CNAME resource records, users connect and enroll in Intune without entering a server name.
Step 1: Set up Intune
If you haven’t already, prepare for mobile device management by setting the mobile device management (MDM) authority as Microsoft Intune and then setting up MDM.
Step 2: Create CNAMEs (optional)
Create CNAME DNS resource records for your company’s domain. For example, if your company’s website is contoso.com, you would create a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to enterpriseenrollment-s.manage.microsoft.com.
Although creating CNAME DNS entries is optional, CNAME records make enrollment easier for users. If no enrollment CNAME record is found, users are prompted to manually enter the MDM server name, enrollment.manage.microsoft.com.
CNAME resource records must have the following information:
|TYPE||Host name||Points to||TTL|
EnterpriseEnrollment-s.manage.microsoft.com – Supports a redirect to the Intune service with domain recognition from the email’s domain name
EnterpriseRegistration.windows.net – Supports Windows 8.1 and Windows 10 Mobile devices that will register with Azure Active Directory by using their work or school account
If your company uses multiple domains for user credentials, create CNAME records for each domain.
For example, if your company’s website is contoso.com, you would create a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to EnterpriseEnrollment-s.manage.microsoft.com. Changes to DNS records might take up to 72 hours to propagate. You cannot verify the DNS change in Intune until the DNS record propagates.
Step 3: Verify CNAME
In the Intune administration console, choose Admin > Mobile Device Management > Windows. Enter the URL of the verified domain of the company website in the Specify a verified domain name box, and then choose Test Auto-Detection.
Step 4: Tell your users how to enroll their devices and what to expect after they're brought into management.
For end-user enrollment instructions, see Enroll your Windows device in Intune.
For more information about end-user tasks, see How to educate your end users about Microsoft Intune and End user guidance for Windows devices.