How to Enroll a Device in Intune: A Step-by-Step Guide

Eric Haavarstein


Managing devices efficiently is a cornerstone of modern IT, and Microsoft Intune offers robust solutions to simplify this task. If you’re curious about how to enroll a device in Intune, this blog post covers two effective methods: automatic enrollment via Group Policy and using Intune Autopilot with PowerShell. These approaches cater to different environments, ensuring flexibility and ease for IT admins.

Method 1: Enroll a Windows Device Automatically Using Group Policy

Automating enrollment with Group Policy is a great way to address how to enroll a device in Intune, especially in hybrid setups with on-premises Active Directory (AD) synced to Azure AD. Here’s how to set it up, based on Microsoft’s documentation:

  1. Prerequisites:
    • Hybrid Azure AD-joined environment (AD synced with Azure AD).
    • Windows 10/11 devices (version 1709 or later).
    • Intune licenses assigned to users.
    • Domain-joined devices and Group Policy Management Console access.
  2. Configure MDM Enrollment:
    • Open Group Policy Management Console on your domain controller.
    • Create or edit a Group Policy Object (GPO): Go to Computer Configuration > Policies > Administrative Templates > Windows Components > MDM Enrollment.
    • Enable “Auto MDM Enrollment with AAD Credentials” and configure it to use Azure AD credentials. This ties devices to Intune’s MDM URL (https://enrollment.manage.microsoft.com).
  3. Apply the GPO:
    • Link the GPO to an Organizational Unit (OU) with your target devices or users.
    • Run gpupdate /force on a device to apply instantly, or wait for the next refresh cycle.
  4. Verify Enrollment:
    • Restart the device or manually trigger enrollment via Settings > Accounts > Access work or school > Connect (if needed).
    • Check Devices > All Devices in the Intune Admin Center (https://intune.microsoft.com/) to confirm enrollment with a “Compliant” status.

This method automates enrollment for domain-joined devices, making it ideal for large-scale deployments in hybrid environments.
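The verification in step 4 can also be done on the client, which helps when a device never shows up in the Intune Admin Center. The PowerShell below is an added example, not part of the original post: it reads the registry values the GPO sets, the join state from dsregcmd /status, the enrollment scheduled task, and the latest auto-enrollment event (ID 75 for success, 76 for failure). Run it elevated on the target device.

```powershell
# Added example: client-side checks for GPO-driven MDM auto-enrollment.
# Run elevated on the target device after gpupdate /force.

# 1. Policy values written by "Auto MDM Enrollment with AAD Credentials".
$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$credType = 'not set'
if ($policy.UseAADCredentialType -eq 1) { $credType = 'User Credential' }
elseif ($policy.UseAADCredentialType -eq 2) { $credType = 'Device Credential' }

# 2. Join state and MDM URL as reported by dsregcmd.
$dsreg = dsregcmd /status
function Get-DsregValue {
    param([string]$Name)
    $m = $dsreg | Select-String -Pattern "^\s*$Name\s*:\s*(.+)$" |
        Select-Object -First 1
    if ($m) { $m.Matches[0].Groups[1].Value.Trim() } else { 'not reported' }
}

# 3. Scheduled task the enrollment client creates once the policy applies.
$task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\*' `
        -ErrorAction SilentlyContinue |
    Where-Object TaskName -like '*enrolling in MDM from AAD*'

# 4. Latest auto-enrollment result: event 75 = succeeded, 76 = failed.
$log  = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$last = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 75, 76 } `
        -MaxEvents 1 -ErrorAction SilentlyContinue

# Summary: one object that can be exported or compared across devices.
[pscustomobject]@{
    AutoEnrollMDM     = [bool]($policy.AutoEnrollMDM -eq 1)
    CredentialType    = $credType
    DomainJoined      = Get-DsregValue 'DomainJoined'
    AzureAdJoined     = Get-DsregValue 'AzureAdJoined'
    MdmUrl            = Get-DsregValue 'MdmUrl'
    EnrollTaskPresent = [bool]$task
    LastEnrollEvent   = if ($last) { "$($last.Id) at $($last.TimeCreated)" }
                        else { 'none logged' }
}
```

A hybrid-joined device that is ready for auto-enrollment reports DomainJoined and AzureAdJoined as YES with a populated MdmUrl; when the last event is 76, its message carries the error code to investigate.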

Method 2: Using Intune Autopilot with PowerShell (-Online Option)

For a cloud-centric approach, Intune Autopilot revolutionizes how to enroll a device in Intune by pre-configuring devices for users right out of the box. Using the PowerShell script Get-WindowsAutoPilotInfo.ps1 with the -Online parameter, you can register devices directly without manual CSV uploads. Here’s the process, adapted from Microsoft’s guidance:

  1. Prerequisites:
    • Intune subscription with Autopilot enabled.
    • Admin access to Intune Admin Center.
    • Windows 10/11 device (version 1809 or later).
    • PowerShell installed on the device or a management PC.
  2. Install the Script:
    • Open PowerShell as an administrator.
    • Install the script from PowerShell Gallery: Install-Script -Name Get-WindowsAutoPilotInfo
    • Accept prompts to install from PSGallery.
  3. Run the Script with -Online:
    • Execute the script on the target device with the -Online parameter: Get-WindowsAutoPilotInfo.ps1 -Online
    • You’ll be prompted to sign in with an Azure AD account that has Intune admin privileges. This directly uploads the device’s hardware hash (serial number, hardware ID, etc.) to Intune, skipping the CSV step.
  4. Confirm Registration:
    • In the Intune Admin Center (https://intune.microsoft.com/), go to Devices > Windows > Windows Enrollment > Devices.
    • Verify the device appears in the list, typically within minutes.
  5. Assign an Autopilot Profile:
    • Navigate to Devices > Windows > Windows Enrollment > Deployment Profiles.
    • Create or assign a profile (e.g., skip welcome screens, pre-install apps) and link it to a device group containing the registered device.
  6. Deploy the Device:
    • Reset the device to factory settings (manually or via Autopilot Reset).
    • On first boot with an internet connection, it enrolls in Intune and applies the Autopilot profile, delivering a customized setup.

The -Online option streamlines the process by eliminating file exports, making it faster and more efficient for smaller batches or one-off enrollments.
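Steps 2 and 3 pull a script from a public gallery and run it elevated with an Intune admin sign-in, so it is worth inspecting what was downloaded before executing it. The following is an added example, not part of the original post: it stages the script with Save-Script instead of installing it, records version, signer and SHA-256, and only invokes -Online when the Authenticode signature validates. The staging folder name is an assumption.

```powershell
# Added example: stage and inspect the gallery script before running it.
$stage = Join-Path $env:TEMP 'autopilot-review'   # assumed staging folder
New-Item -ItemType Directory -Path $stage -Force | Out-Null

# What the gallery currently serves.
$meta = Find-Script -Name Get-WindowsAutoPilotInfo -Repository PSGallery

# Save-Script downloads to a folder without installing the script.
Save-Script -Name Get-WindowsAutoPilotInfo -Repository PSGallery `
    -RequiredVersion $meta.Version -Path $stage -Force
$file = Join-Path $stage 'Get-WindowsAutoPilotInfo.ps1'

# Signature and hash of the exact file that will be executed.
$sig  = Get-AuthenticodeSignature -FilePath $file
$hash = Get-FileHash -Path $file -Algorithm SHA256

$review = [pscustomobject]@{
    Version   = $meta.Version
    Author    = $meta.Author
    Published = $meta.PublishedDate
    Signature = $sig.Status
    Signer    = $sig.SignerCertificate.Subject
    SHA256    = $hash.Hash
}
$review | Format-List

# Refuse to run a file whose signature is missing, broken or untrusted.
if ($sig.Status -ne 'Valid') {
    throw "Signature status is $($sig.Status); not running $file."
}

# Allow the reviewed script in this session only, then register the device.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force
& $file -Online
```

Keep the recorded version and SHA256 with the change record so later runs can be compared against the copy that was reviewed.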

Why These Methods Stand Out

  • Group Policy: Perfect for hybrid setups with AD infrastructure, offering hands-off enrollment for domain-joined devices.
  • Intune Autopilot with -Online: Ideal for cloud-native environments, providing a seamless, automated experience with real-time registration via PowerShell.

Final Thoughts

Mastering how to enroll a device in Intune unlocks powerful management capabilities for your organization. Group Policy suits traditional setups, while Intune Autopilot with Get-WindowsAutoPilotInfo.ps1 -Online caters to modern, cloud-first workflows. Choose the method that aligns with your infrastructure, and start enrolling devices with confidence today!
