Basic setup

After you assess your environment, it's time to set up Microsoft Intune.

External dependencies for an Intune deployment


Intune requires Azure Active Directory (Azure AD) as the identity and user grouping provider. Learn more about:

If your organization is already using Microsoft 365, Intune must use the same Azure Active Directory environment.

PKI (optional)

If you're planning to use certificate-based authentication for VPN, Wi-Fi, or e-mail profiles with Intune, you'll need to make sure that you have a supported PKI infrastructure in place, ready to create and deploy certificate profiles. Learn more about configuring certificates in Intune:

Task list for an Intune setup

Task 1: Intune subscription

Before you can migrate to Intune, you first need an Intune subscription.

Task 2: Assign Intune user licenses

Task 3: Set your MDM authority to Intune

We recommend that you manage Intune using the Microsoft Endpoint Manager admin center.

Set your MDM authority to Intune. Using a different MDM authority allows Intune to transfer MDM management to alternate Microsoft management consoles. These cases are uncommon.


If you are transferring your mobile device management to Intune for the first time, you should set the MDM authority to Intune.

Learn how to set the mobile management authority.

Next step

Configure device and app management policies.