
Registering a Device to Intune Without Autopilot

A comprehensive guide to enrolling devices manually and automatically in Microsoft Intune


Key Highlights

  • Multiple Enrollment Methods: Options include manual enrollment via settings or the Company Portal app, automatic enrollment with Azure AD join, and device enrollment manager (DEM) usage.
  • Flexibility for Different Scenarios: Tailored approaches for both corporate-owned devices and personal devices (BYOD) ensure that any environment can be accommodated.
  • Comprehensive Setup Considerations: Instructions emphasize prerequisites such as licensing, device compatibility, and configuration steps to guarantee smooth enrollment into Intune.

Introduction

Microsoft Intune is a widely used unified endpoint management service that lets organizations secure, manage, and monitor devices such as PCs, smartphones, and tablets. While Windows Autopilot is a popular method for pre-configuring new devices, many scenarios, especially those involving existing devices or specific administrative requirements, call for enrolling devices without relying on Autopilot. This guide covers the methods available to register a device to Intune without using Windows Autopilot and explains the step-by-step process for each.


Enrollment Methods Without Windows Autopilot

There are several effective methods to register a device into Microsoft Intune without using Autopilot. Depending on the type of device ownership (corporate-owned or personal) and administrative considerations, organizations can choose among multiple pathways. These methods include standard manual enrollment via settings, enrollment using the Intune Company Portal app, automatic enrollment linked with Azure Active Directory (Azure AD), as well as using specialized accounts like the Device Enrollment Manager (DEM). For organizations that already have a hybrid environment with on-premises Active Directory, group policy options and co-management with Configuration Manager are available for streamlined enrollment.

Manual Enrollment via the Windows Settings App

Step-by-Step Process for Manual Enrollment

A straightforward way to add a device to Intune is manual enrollment through the built-in Settings app on Windows 10 or Windows 11. This method is typically used for personal devices (BYOD) or when configuring devices that are already in use.

To begin the manual enrollment, the user must open the settings application on the device, navigate to the appropriate section, and authenticate with the required work or school credentials. The following steps outline the process:

  1. Open the "Settings" app on your Windows device.
  2. Click on "Accounts" to begin the process.
  3. Select "Access work or school" and then click the "+ Connect" button.
  4. When prompted, choose the option to "Join this device to Azure Active Directory." This step is crucial as it registers the device in Azure AD and leads to enrollment in Intune.
  5. Enter your work or school account credentials. Ensure that your account has the necessary licenses and permissions for enrollment.
  6. Follow the on-screen prompts until the process completes.
  7. Once finished, the device is registered under your organization's Azure AD and appears as a managed device in the Microsoft Intune admin center.

This method leverages the inherent relationship between Azure AD registration and Intune management, ensuring users receive single sign-on capability and streamlined access to corporate resources.

Enrollment via the Intune Company Portal App

Using the Company Portal for BYOD and Simple Enrollment

An alternative, user-friendly method is to use the Intune Company Portal app. This method is particularly useful when the device is personally owned. The Company Portal app simplifies enrollment by providing a guided interface that helps end-users enroll their devices into Intune.

To enroll using the Company Portal app:

  1. Download and install the Intune Company Portal app from the Microsoft Store.
  2. Launch the app and sign in with your work or school account, ensuring that your account has the appropriate permissions and licensing.
  3. Follow the in-app instructions to complete the enrollment process. The app may prompt you to allow permissions and install necessary management profiles.
  4. Once enrolled, your device will be managed by Intune, thereby receiving required policies and configurations automatically.

Users can manage the status of their devices and view compliance reporting directly within the Company Portal app. This method is highly recommended for its ease of use and minimal need for technical support after the initial setup.

Automatic Enrollment with Azure AD Join

Configuring Auto Enrollment Settings

Automatic enrollment linked with Azure AD join provides a seamless way to integrate the enrollment process into the out-of-box experience (OOBE). With this method, devices automatically enroll in Intune as soon as they are joined to Azure AD, minimizing the manual steps required from the end-user.

The following steps are typically followed to set up automatic enrollment:

  1. Configure the Microsoft Entra ID (formerly Azure AD) with automatic enrollment settings, which may require adjusting MDM user scope settings in the portal.
  2. Create and ensure proper DNS records, such as a CNAME record, if needed for the enrollment process.
  3. When a new device is powered on, it undergoes the OOBE wherein the user is guided to sign in with a work account. Upon sign-in, the auto-enrollment process is triggered.
  4. The device gets automatically registered in Azure AD and then enrolled into Intune based on the configured policies.

This method is particularly advantageous for corporate-owned devices since it provides a high level of automation and reduces the need for IT personnel to individually configure each device.

Using Device Enrollment Manager (DEM)

Centralized Enrollment for Mass Device Management

The Device Enrollment Manager (DEM) is designed for administrators who need to enroll a large number of devices quickly without requiring each device to log in with a unique licensed user account. DEM can be particularly useful for shared or kiosk devices.

The DEM process involves:

  1. Creating a DEM account with the specific rights to enroll and manage up to 1,000 devices through the Intune portal.
  2. Using the DEM account to enroll devices prior to handing them over to end-users.
  3. Assigning the devices to the appropriate configuration profiles and compliance policies as required.

The DEM approach is designed for cases where device management needs are centralized and where the individual user context is not paramount, such as labs, kiosks, or shared workstations.

Enrollment Using Group Policy for Hybrid Environments

Co-Management in a Hybrid Setup

In organizations that maintain a hybrid environment with both on-premises Active Directory and Azure AD, Group Policy can be utilized to enroll devices into Intune. This method leverages existing infrastructure and policies:

  1. Domain-joined devices are targeted by a Group Policy setting that enrolls them into Intune.
  2. Administrators can configure a group policy to automatically enroll devices once they fulfill the domain join criteria.
  3. This approach suits co-management scenarios, especially when paired with Configuration Manager.

Group Policy enrollment complements other enrollment methods by integrating seamlessly with existing IT processes while providing robust device management features through Intune.


Comparative Overview

The table below provides a side-by-side comparison of the various enrollment methods available for devices without using Windows Autopilot. This summary can assist you in selecting the most appropriate method based on your organization’s needs.

| Enrollment Method | Ideal For | Key Requirements | Advantages |
|---|---|---|---|
| Manual Enrollment via Settings | Personal devices, BYOD | Windows 10/11, work/school credentials | Straightforward and user-initiated |
| Company Portal App | BYOD, ease of use for all users | Microsoft Store access, account licensing | Guided steps, minimal IT intervention |
| Automatic Enrollment with Azure AD Join | Corporate-owned devices | MDM auto enrollment configured, Azure AD joined | High automation, streamlined setup |
| Device Enrollment Manager (DEM) | Mass deployment, shared devices | DEM account with proper license | Centrally managed, supports high volume |
| Group Policy Enrollment | Hybrid environments | Domain-joined device, Active Directory | Integrates with existing IT infrastructure |

Step-by-Step Manual Enrollment Example

Let’s look at a concise walkthrough for manually enrolling a Windows device. This example is representative of the steps required for a typical BYOD scenario:

Preparation

Ensuring Device Readiness

Before starting the enrollment process, make sure the device meets the prerequisites. Verify that the device is running a supported version of Windows (Windows 10 version 1709 or later, for instance) and that the user’s account is licensed to use Intune. It is also essential that the device is not pre-registered with Autopilot if you plan to enroll it via another method.

Process

Detailed Enrollment Steps

1. Launch the Settings application on the Windows device.
2. Click on "Accounts" to access account settings.
3. Choose "Access work or school" from the sidebar and then hit the "+ Connect" button.
4. When prompted, opt to "Join this device to Azure Active Directory."
5. Sign in using your work or school account. The authentication step not only grants access but also registers the device in Azure AD.
6. Follow the wizard’s instructions until the process completes successfully.
7. Confirm the device enrollment by checking for its appearance in the Microsoft Intune admin center. From there, IT administrators can apply device compliance policies and push necessary configurations.
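
The admin-center check in step 7 can be paired with a check on the device itself, using the output of the built-in `dsregcmd /status` command. The PowerShell below is an added example, not part of the original guide: the sample output is constructed, and the function names `ConvertFrom-DsregStatus` and `Test-EnrollmentState` are hypothetical helpers.

```powershell
# Added example: interpret `dsregcmd /status` output after the join.
# $sample is constructed for illustration; Contoso is a placeholder tenant.
$sample = @'
| Device State |
             AzureAdJoined : YES
              DomainJoined : NO
| Tenant Details |
                TenantName : Contoso
                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
| User State |
           WorkplaceJoined : NO
| SSO State |
                AzureAdPrt : YES
'@

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Data lines look like "   Key : Value". Banner lines and keys with
        # an empty value do not match, so an unset MdmUrl is simply absent.
        if ($line -match '^\s*([A-Za-z][\w ]*?)\s+:\s+(.*\S)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-EnrollmentState {
    param([hashtable]$State)
    $joinType = 'Not joined'
    if ($State['AzureAdJoined'] -eq 'YES') {
        $joinType = if ($State['DomainJoined'] -eq 'YES') { 'Hybrid Azure AD joined' } else { 'Azure AD joined' }
    } elseif ($State['WorkplaceJoined'] -eq 'YES') {
        $joinType = 'Azure AD registered'
    }
    [pscustomobject]@{
        JoinType      = $joinType
        # An MDM URL means the tenant returned MDM enrollment details for this user.
        MdmUrlPresent = $State.ContainsKey('MdmUrl')
        HasPrt        = $State['AzureAdPrt'] -eq 'YES'
    }
}

# On a real device, replace the next line with: $lines = dsregcmd /status
$lines = $sample -split "\r?\n"
Test-EnrollmentState (ConvertFrom-DsregStatus $lines) | Format-List
```

A joined device with no `MdmUrl` usually points to the signed-in user being outside the MDM user scope or lacking an Intune license. A populated `MdmUrl` shows only that enrollment is configured, so the admin center remains the confirmation that the device is managed.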


Additional Considerations

While enrolling devices into Intune without Autopilot is relatively straightforward, several additional factors can influence the process:

Licensing and Permissions

Ensure Proper User Licensing

For a seamless enrollment process, verify that each user account used in the enrollment process has an appropriate Intune license. This applies to both manual enrollment and auto-enrollment methods. Without valid licensing, devices will fail to receive essential management policies.

Device Compliance and Policy Enforcement

Post-Enrollment Management

After a device is enrolled in Intune, it is imperative for IT administrators to review and enforce compliance policies. These policies can include restrictions on access to corporate data, antivirus requirements, or conditional access rules. Regular monitoring in the Intune admin console ensures that each device adheres to the organization’s security and operational protocols.

Hybrid Environments and Integration

Seamless Coordination with Existing Systems

Organizations operating in hybrid environments often maintain on-premises Active Directory alongside Azure AD. In these cases, a robust integration strategy that uses Group Policy or co-management with Configuration Manager can streamline the overall device management process. Ensuring that devices are appropriately synchronized between both platforms is critical for maintaining a unified management approach.

Security Considerations

Conditional Access and Data Protection

As part of the enrollment process, implementing Conditional Access policies is essential. By setting necessary security baselines, organizations can enforce stricter controls on device access and protect sensitive data. These measures include verifying device compliance before granting access to critical applications and enforcing multifactor authentication.


Conclusion and Final Thoughts

Enrolling a device into Microsoft Intune without using Windows Autopilot provides organizations with versatile options tailored to diverse operational scenarios. Whether it is a manual process via the Windows settings, leveraging a user-friendly Company Portal app for BYOD, or employing automated methods with Azure AD join, each approach has its inherent benefits. Additionally, specialized options like Device Enrollment Manager (DEM) and Group Policy enrollment cater to scenarios such as mass device rollouts or hybrid environments.

By understanding these various methods, IT administrators can effectively integrate devices into their management environment with minimal disruption. Critical factors such as proper licensing, device compliance, and robust security policies ensure smooth post-enrollment management. Ultimately, careful planning and the selection of the most appropriate enrollment method can result in improved device management, enhanced security, and streamlined IT operations.


Last updated February 25, 2025