Create an MDM collection with System Center Configuration Manager and Microsoft Intune
Applies to: System Center Configuration Manager (Current Branch)
A Configuration Manager user collection is required to specify the users who can enroll devices into management. You can only use user collections (instead of device collections) because Intune licenses are assigned by user.
To enroll devices with Intune, you do not need to assign licenses to users in the Microsoft 365 admin center or Azure Active Directory portal. Including the users in a collection that gets associated with the Intune subscription (in a later step) is all that's required.
For testing purposes you can set up a Direct rule and add specific users who can enroll devices. In the Configuration Manager console, choose, Assets and Compliance > User Collections, click the Home tab > Create group, and then click Create User Collection. For broader distribution you should use Query rules to define users. For more information about collections, see How to create collections.