Confirm domain name requirements with System Center Configuration Manager and Microsoft Intune

Applies to: System Center Configuration Manager (Current Branch)

If necessary, take the following steps to satisfy any dependencies external to Configuration Manager:

  1. Each user must have an Intune license assigned to enroll devices. To associate Intune licenses to users, each user must have a user principal name (UPN) that can be publicly resolved (for example, or an alternate login ID configured in Azure Active Directory. Configuring an alternate login ID allows users to sign in with an email address, for example, even if their UPN is in a NetBIOS format (for example, CONTOSO\johndoe).

  2. Deploy and configure Active Directory Federation Services (AD FS). (Optional)

    When you set up single sign-on, your users can sign in with their corporate credentials to access the services in Intune.

    For more information, see the following topics:

  3. Deploy and configure directory synchronization.

    Directory synchronization lets you populate Intune with synchronized user accounts. The synchronized user accounts and security groups are added to Intune. Failure to enable Directory Synchronization is a common cause of devices not being able to enroll when setting up Configuration Manager MDM with Microsoft Intune.

    For more information, see Directory integration in the Active Directory documentation library.

  4. Optional, not recommended: If you are not using Active Directory Federation Services, reset users' Microsoft Online passwords.

    If you are not using AD FS, you must set a Microsoft Online password for each user.