In this blog post, we’ll describe various approaches for enrolling Windows devices into Intune. Microsoft Intune integrates with Entra ID to simplify the registration and enrollment procedures for both personal and organization-owned Windows devices into Intune.

Once a device is joined with the Entra ID tenant, Intune becomes the platform for managing these devices. Throughout the Intune device enrollment procedure, an MDM certificate is deployed and installed on the device. This certificate serves as the communication method with the Intune service.

You can dictate which devices are eligible for enrollment in Intune by configuring device enrollment restrictions within the Intune admin center.

Using Intune, you can enroll the following two types of devices:

1. Corporate Owned – These types of devices are typically owned by your organization
2. Personally Owned – These devices are personal in support of a Bring Your Own Device (BYOD) scenario.

You need an Intune license for each user that you want to enroll in Intune.

Prerequisites to Enroll Windows device in Intune

Before enrolling your Windows devices into Intune :

• Ensure your Windows device is supported for Intune Enrollment. (Hint : Windows 10 1709+)
• An Intune License is assigned to the users
• MDM Authority set to Intune or Intune + Configuration Manager.

4 Methods to Enroll Windows Devices into Intune

Here are 4 methods to enroll Windows devices into Intune. We’ll cover them one by one in the following sections.

1. Windows Automatic Enrollment
2. Windows Autopilot
3. User Enrollment (BYOD)
4. Co-management with Configuration Manager

Windows Automatic Enrollment

For Automatic Enrollment of your Windows 10 and Windows 11 devices, you will require Microsoft Entra ID P1 or Entra ID P2 license.

There are 2 step to enable Windows Automatic Enrollment

Follow our Intune Preparation post for the steps to create CNAME entry.

The Azure portal lets you test your configuration

• Open the Azure Portal
• Go to Intune / Device Enrollment / Windows Enrollment / CNAME Tester

• Enter your domain and click on Test
• Ensure that your test is successful

We now need to enable Intune to accept automatic MDM enrollment requests.

• Go to Devices / Enrollment /Automatic Enrollment

• In MDM User Scope, select All or Some
  • All : All Users are enabled to enroll devices
  • Some : Specify a group to limit device enrollment to this group only
• The 3 MDM link will be automatically filled. Do not change anything and click Save

We will now test our enrollment procedure using a Windows 10 device.

• If everything is set correctly, your device will be joined to EntraID and automatically enroll in Intune. Click Done

Intune Windows Devices Enrollment – Windows Autopilot

Windows Autopilot uses automatic enrollment and requires an Entra ID P1 or Entra ID P2 license. Autopilot uses Out of Box Experience (OOBE), the device is automatically enrolled in Intune based on the Deployment/Enrollment Profile.

Windows Autopilot can only be used for organization-owned devices and does not apply to personal or BYOD (Bring Your Own Device) types.

To set up Autopilot in your Intune tenant, follow our Autopilot step-by-step guide that will guide you through.

BYOD: User Enrollment

You can register your device with Entra ID as a personal device :

• Sign in to the Entra admin center
• Under Identity, Go to Devices > All devices
• Under Manage, Click on Device settings

• Go to Settings / Accounts / Access school or work / Connect
• Select the Join this device to EntraID

• Enter your Organization Email Address in the text box and click on Next.
• This registers your device in Entra ID and displays it as Personal

Co-Management Enrollment

If you are using SCCM and Intune to manage Windows 11 devices, you can use the Co-management enrollment method.

We already have a complete post on this topic. You can follow it if this option is the desired one.