You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: memdocs/intune/enrollment/device-enrollment.md
+32-36Lines changed: 32 additions & 36 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -41,35 +41,27 @@ Microsoft Intune supports Android, macOS, iOS, and Windows devices. Some enrollm
41
41
42
42
## Supported device types
43
43
Microsoft Intune enables mobile device management for:
44
-
* Personal devices, which includes personally-owned phones, tablets, and PCs.
45
-
* Corporate-owned devices, which includes phones, tablets, and PCs owned by your organization and distributed to employees and students for use at work or school.
44
+
* Personal devices, including personallyowned phones, tablets, and PCs.
45
+
* Corporate-owned devices, including phones, tablets, and PCs owned by your organization and distributed to employees and students for use at work or school.
46
46
47
47
### Personal devices
48
-
Intune supports *Bring-your-own-device*, or *BYOD*, enrollment, which allows employees and students to use their personal devices for work or school. As the admin, you're required to add device users to Microsoft Intune, configure their enrollment experience, and set up device policies. Enrollment is done by the device user. To enroll, they simply need to install and run the Company Portal app on their device.
48
+
Microsoft Intune supports bring-your-own-device, or *BYOD*, enrollment. This type of enrollment enables employees and students to use their personal devices for work or school things. As the admin, you're required to add device users in the Microsoft Endpoint Manager admin center, configure their enrollment experience, and set up Intune policies. Enrollment is initiated and completed by the device user in the Intune Company Portal app.
49
49
50
50
> [!NOTE]
51
51
> Intune marks devices that are Azure AD-registered as personally-owned devices.
52
52
53
53
### Corporate-owned devices
54
54
55
-
Microsoft Intune automatically marks certain devices as *corporate-owned*, including devices:
56
-
57
-
* Enrolled via device enrollment manager
58
-
* Enrolled via the Apple Device Enrollment Program, Apple School Manager, or Apple Configurator (iOS/iPadOS)
59
-
* Enrolled with Android Enterprise corporate-owned work profile (Android)
60
-
* Joined to Azure Active Directory (Azure AD) with work or school credentials.
61
-
* Identified as *corporate-owned* before enrollment with an international mobile equipment identifier (IMEI) numbers
62
-
* Identified as *corporate-owned* before enrollment with a serial number (iOS/iPadOS, Android)
63
-
* Identified as *corporate* in the device properties list in Microsoft Intune
64
-
65
-
For information about corporate identifiers and changing ownership status, see [Identify devices as corporate-owned](corporate-identifiers-add.md).
55
+
Microsoft Intune automatically marks certain devices as *corporate-owned*. This classification lets you manage and configure devices with more control and access. For more information about managing and configuring corporate-owned devices, see [Identify devices as corporate-owned](corporate-identifiers-add.md).
66
56
67
57
## Compare enrollment options
68
58
69
-
Enrollment options vary by operating system (OS). When selecting a method, choose one that works with the devices and features you want to support. The tables in this section compare the methods available for each OS. The columns in each table show:
59
+
Enrollment options vary by operating system (OS). When selecting a method, choose one that works with the devices and features you want to support.
60
+
61
+
In this section, we'll use data tables to compare the available methods. Each table, separated by OS, shows the following data:
70
62
71
63
* Method: The enrollment method used to enroll devices in Intune.
72
-
* Enrollment type (Android only): The name of the Android enrollment type.
64
+
* Enrollment type (Android): The name of the Android enrollment type.
73
65
* Reset required: Tells you if devices are reset to factory default settings during enrollment. Options:
74
66
***Yes**: Existing data is wiped from devices during enrollment.
75
67
***No**: Existing data is retained on devices during enrollment.
@@ -78,12 +70,12 @@ Enrollment options vary by operating system (OS). When selecting a method, choos
78
70
***No**: Devices aren't associated with a user during enrollment, which is a typical configuration for kiosk, point of sale (POS), or shared-utility devices.
79
71
***Optional**: Microsoft Intune makes this setting available for you to configure on your own.
80
72
* MDM profile removeable: Tells you if users can remove the MDM profile from an enrolled device. Options:
81
-
***Yes**: Device users cannot unenroll devices. If
73
+
***Yes**: Device users cannot unenroll devices.
82
74
***No**: Device users can unenroll devices.
83
-
***Configurable via policy** (Android Enterprise only): There is a setting in Intune that lets you block factory resets on devices, which prevents users from unenrolling their devices, but it is not configured by default.
75
+
***Configurable via policy** (Android Enterprise): There's a setting in Intune that lets you block factory resets on devices, which prevents users from unenrolling their devices, but it is not configured by default.
84
76
85
77
### iOS/iPadOS enrollment methods
86
-
You can use the following enrollment methods with iOS/iPadOS devices:
78
+
You can use the following methods to enroll iOS/iPadOS devices in Intune:
87
79
88
80
* Bring-your-own-device (BYOD)
89
81
* Device enrollment manager
@@ -102,7 +94,7 @@ You can use the following enrollment methods with iOS/iPadOS devices:
102
94
For more information about the iOS/iPadOS enrollment methods supported in Intune, see [Enroll iOS/iPadOS devices](ios-enroll.md).
103
95
104
96
### macOS enrollment methods
105
-
You can use the following enrollment methods with macOS devices:
97
+
You can use the following methods to enroll macOS devices in Intune:
106
98
107
99
* Bring-your-own-device (BYOD)
108
100
* Device enrollment manager
@@ -111,13 +103,13 @@ You can use the following enrollment methods with macOS devices:
For more information about the macOS enrollment methods supported in Intune, see [Set up enrollment for macOS devices](macos-enroll.md).
118
110
119
111
### Windows enrollment methods
120
-
You can use the following enrollment methods with devices running Windows:
112
+
You can use the following methods to enroll Windows devices in Intune:
121
113
122
114
* Bring-your-own-device (BYOD)
123
115
* Device enrollment manager
@@ -144,38 +136,42 @@ For more information about the Windows enrollment methods supported in Intune, s
144
136
To select the appropriate enrollment method for Android devices, consider the enrollment type you'll use and the device's ownership status (personal versus corporate-owned). For more information about the Android enrollment methods supported in Intune, see [Enroll Android devices](android-enroll.md).
145
137
146
138
#### Personal Android devices
147
-
You can set up user-initiated enrollment for people who want to use their personal devices at work or school. Employees and students initiate enrollment by signing into the Company Portal app with their work or school account. Intune supports personal devices within the following enrollment types:
139
+
You can set up user-initiated enrollment for people who want to use their personal devices at work or school. Employees and students initiate enrollment by signing into the Company Portal app with their work or school account.
140
+
141
+
Intune supports the following device management configurations on personal devices:
148
142
149
143
* Android Device Administrator (also referred to as *Android Device Admin*)
150
144
* Android Enterprise, personal owned with a work profile
151
145
146
+
In the table, this data is shown in the Enrollment type column.
|Android (AOSP) user-associated|QR code|Yes|Yes|Configurable via policy|
170
166
|Android (AOSP) userless|QR code|Yes|No|Configurable via policy|
171
-
|Android Device Admin|DEM-initiated via Company Portal**| No | No | No |
172
-
|Android Device Admin|User-initiated via Company Portal with pre-declared IMEI or serial number | No | Yes | No |
173
-
|Android Device Admin with Zebra Mobility Extensions|User or DEM-initiated via Company Portal**| No | Yes if user-initiated; no if DEM-initiated | No |
174
-
|Android Enterprise Dedicated|NFC, token, QR code, Zero Touch| Yes | No | Configurable via policy |
175
-
|Android Enterprise Fully Managed|NFC, token, QR code, Zero Touch| Yes | Yes | Configurable via policy |
176
-
|Android Enterprise corporate-owned with work profile| NFC, token, QR code, Zero Touch| Yes | Yes | Configurable via policy |
177
-
178
-
## Mobile device cleanup after MDM certificate expiration
167
+
|Android Device Admin|DEM-initiated via Company Portal| No | No | No |
168
+
|Android Device Admin|User-initiated via Company Portal with predeclared IMEI or serial number | No | Yes | No |
169
+
|Android Device Admin with Zebra Mobility Extensions|User or DEM-initiated via Company Portal| No | Yes if user-initiated; no if DEM-initiated | No |
170
+
|Android Enterprise dedicated|NFC, token, QR code, Google zero-touch| Yes | No | Configurable via policy |
171
+
|Android Enterprise fully managed|NFC, token, QR code, Google zero-touch| Yes | Yes | Configurable via policy |
172
+
|Android Enterprise corporate-owned with work profile| NFC, token, QR code, Google zero-touch| Yes | Yes | Configurable via policy |
173
+
174
+
## Mobile device record cleanup
179
175
180
176
The MDM certificate renews automatically as long as enrolled devices are communicating with the Microsoft Intune service. The MDM certificate doesn't renew for devices that have been wiped, or that fail to sync with Microsoft Intune for an extended period of time. Microsoft Intune deletes idle devices from record 180 days after the MDM certificate expires.
0 commit comments