You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: memdocs/intune/enrollment/windows-enrollment-methods.md
+14-4Lines changed: 14 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ keywords:
8
8
author: Lenewsad
9
9
ms.author: lanewsad
10
10
manager: dougeby
11
-
ms.date: 4/14/2021
11
+
ms.date: 01/31/2022
12
12
ms.topic: conceptual
13
13
ms.service: microsoft-intune
14
14
ms.subservice: enrollment
@@ -42,17 +42,27 @@ There are two ways to get devices enrolled in Intune:
42
42
- Users can self-enroll their Windows PCs
43
43
- Admins can configure policies to force automatic enrollment without any user involvement
44
44
45
+
> [!TIP]
46
+
> For guidance on which enrollment method is right for your organization, see [Deployment guide: Enroll Windows devices in Microsoft Intune](../fundamentals/deployment-guide-enrollment-windows.md).
47
+
45
48
## User self-enrollment in Intune
46
49
47
50
Users can self-enroll their Windows device by using any of these methods:
48
51
49
52
-[Bring your own device (BYOD)](../user-help/enroll-windows-10-device.md): Users enroll their personally owned devices by downloading and installing the **Company Portal App** This process:
50
53
- Registers the device with Azure Active Directory to gain access to corporate resource like email.
51
54
- Enrolls the device in Intune as a personal owned device (BYOD).
52
-
If an administrator has configured Auto enrollment (available with Azure AD premium subscriptions), the user only has to enter their credentials once. Otherwise, they'll have to enroll separately through MDM only enrollment and reenter their credentials.
53
-
-**MDM only enrollment** lets users enroll an existing Workgroup, Active Directory, or Azure Active directory joined PC into Intune. Users enroll from Settings on the existing Windows PC. This method isn't recommended because it doesn't register the device into Azure Active Directory. It also prevents the use of features such as Conditional Access.
55
+
56
+
If an administrator has configured Auto enrollment (available with Azure AD premium subscriptions), the user only has to enter their credentials once. Otherwise, they'll have to enroll separately through MDM only enrollment and reenter their credentials.
57
+
-**MDM only enrollment** lets users enroll an existing Workgroup, Active Directory, or Azure Active directory joined PC into Intune. Users enroll from Settings on the existing Windows PC.
58
+
59
+
This enrollment method isn't recommended because:
60
+
61
+
- It doesn't register the device into Azure Active Directory (AD). Users might not get access to organization resources, such as email.
62
+
- It prevents using some Azure AD features, such as Conditional Access.
63
+
54
64
-[Azure Active Directory (Azure AD) Join](/azure/active-directory/user-help/user-help-join-device-on-network) - Joins the device with Azure Active Directory and enables users to sign in to Windows with their Azure AD credentials. If Auto Enrollment is enabled, the device is automatically enrolled in Intune. The benefit of auto enrollment is a single-step process for the user. Otherwise, they'll have to enroll separately through MDM only enrollment and reenter their credentials. Users enroll this way either during initial Windows OOBE or from Settings. The device is marked as a corporate owned device in Intune.
55
-
- [Autopilot](../../autopilot/enrollment-autopilot.md) - Automates Azure AD Join and enrolls new corporate-owned devices into Intune. This method simplifies the out-of-box experience and removes the need to apply custom operating system images onto the devices. When admins use Intune to manage Autopilot devices, they can manage policies, profiles, apps, and more after they're enrolled. There are four types of Autopilot deployment: [Self Deploying Mode](/windows/deployment/windows-autopilot/self-deploying) (for kiosks, digital signage, or a shared device), [User Driven Mode](/windows/deployment/windows-autopilot/user-driven) (for traditional users), [Windows Autopilot for pre-provisioned deployment](/windows/deployment/windows-autopilot/white-glove) enables partners or IT staff to pre-provision a PC running Windows 10 or Windows 11 so that it is fully configured and business-ready, and [Autopilot for existing devices](/windows/deployment/windows-autopilot/existing-devices) enables you to easily deploy the latest version of Windows to your existing devices.
65
+
- [Autopilot](../../autopilot/enrollment-autopilot.md) - Automates Azure AD Join and enrolls new corporate-owned devices into Intune. This method simplifies the out-of-box experience and removes the need to apply custom operating system images onto the devices. When admins use Intune to manage Autopilot devices, they can manage policies, profiles, apps, and more after they're enrolled. There are four types of Autopilot deployment: [Self Deploying Mode](/windows/deployment/windows-autopilot/self-deploying) (for kiosks, digital signage, or a shared device), [User Driven Mode](/windows/deployment/windows-autopilot/user-driven) (for traditional users), [Windows Autopilot for pre-provisioned deployment](/windows/deployment/windows-autopilot/white-glove) enables partners or IT staff to pre-provision a PC running Windows 10 or Windows 11 so that it’s fully configured and business-ready, and [Autopilot for existing devices](/windows/deployment/windows-autopilot/existing-devices) enables you to easily deploy the latest version of Windows to your existing devices.
0 commit comments