You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: memdocs/autopilot/autopilot-device-guidelines.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ author: greg-lindsay
12
12
ms.author: greglin
13
13
ms.reviewer: jubaptis
14
14
manager: dougeby
15
-
ms.date: 12/16/2020
15
+
ms.date: 2/1/2022
16
16
ms.collection: M365-modern-desktop
17
17
ms.topic: troubleshooting
18
18
---
@@ -36,7 +36,7 @@ The following best practices ensure that devices can easily be provisioned as pa
36
36
- Before shipping devices to an Autopilot customer or channel partner, the OEM should upload 4K Hardware Hashes to Microsoft by using the CBR report. The hashes should be collected using the OA3 Tool RS3+ run in Audit mode on full OS.
37
37
- Microsoft requires that OEM shipping drivers get published to Windows Update within 30 days of the CBR submission date. System firmware and driver updates are published to Windows Update within 14 days.
38
38
- The OEM ensures that the PKID provisioned in the SMBIOS is passed on to the channel.
39
-
- When using a VM for Autopilot testing, assign at least 2 processors and 4gb of memory. This will help to prevent application install issues in Windows 10 devices with the [May 11, 2021 cumulative update](https://support.microsoft.com/topic/may-11-2021-kb5003173-os-builds-19041-985-19042-985-and-19043-985-2824ace2-eabe-4c3c-8a49-06e249f52527) installed. *Note: The [minimum system requirements](/windows/whats-new/windows-11-requirements#virtual-machine-support) for Windows 11 are 2 processors and 4gb memory.
39
+
- When using a VM for Autopilot testing, assign at least 2 processors and 4gb of memory. *Note: The [minimum system requirements](/windows/whats-new/windows-11-requirements#virtual-machine-support) for Windows 11 are 2 processors and 4gb memory.
40
40
41
41
## Software best practice guidelines for Windows Autopilot
Copy file name to clipboardExpand all lines: memdocs/intune/apps/apps-deploy.md
+3Lines changed: 3 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -96,6 +96,9 @@ The following table lists the various options for *assigning* apps to users and
96
96
97
97
The app is now assigned to the groups that you selected. For more information about including and excluding app assignments, see [Include and exclude app assignments](apps-inc-exl-assignments.md).
98
98
99
+
> [!Tip]
100
+
> Intune supports assigning apps to nested groups too. For example, if you assigned an app to the "Enineering Global" group and have "Engineering APAC", "Engineering EMEA" and "Engineering US" nested as child groups, the members of those child groups will also be targeted with the assignment.
101
+
99
102
## How conflicts between app intents are resolved
100
103
101
104
A single group is prevented from being targeted for multiple app assignment intents, however if a user or a device is a member of multiple groups that are each assigned with different intents it will result in a conflict. Creating assignment conflicts for applications is not recommended.
Copy file name to clipboardExpand all lines: memdocs/intune/enrollment/android-fully-managed-enroll.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -46,7 +46,7 @@ You must have an Intune standalone tenant to manage Android Enterprise fully man
46
46
47
47
Devices must meet these requirements to be managed as an Android Enterprise fully managed device:
48
48
49
-
- Android OS version 6.0 and above.
49
+
- Android OS version 8.0 and above.
50
50
- Devices must run a build of Android that has Google Mobile Services (GMS) connectivity. Devices must have GMS available and must be able to connect to GMS.
51
51
52
52
There is no restriction on device manufacturer/OEM if the above requirements are met.
@@ -75,4 +75,4 @@ You can now [enroll your fully managed devices](android-dedicated-devices-fully-
Copy file name to clipboardExpand all lines: memdocs/intune/enrollment/windows-enrollment-methods.md
+14-4Lines changed: 14 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ keywords:
8
8
author: Lenewsad
9
9
ms.author: lanewsad
10
10
manager: dougeby
11
-
ms.date: 4/14/2021
11
+
ms.date: 01/31/2022
12
12
ms.topic: conceptual
13
13
ms.service: microsoft-intune
14
14
ms.subservice: enrollment
@@ -42,17 +42,27 @@ There are two ways to get devices enrolled in Intune:
42
42
- Users can self-enroll their Windows PCs
43
43
- Admins can configure policies to force automatic enrollment without any user involvement
44
44
45
+
> [!TIP]
46
+
> For guidance on which enrollment method is right for your organization, see [Deployment guide: Enroll Windows devices in Microsoft Intune](../fundamentals/deployment-guide-enrollment-windows.md).
47
+
45
48
## User self-enrollment in Intune
46
49
47
50
Users can self-enroll their Windows device by using any of these methods:
48
51
49
52
-[Bring your own device (BYOD)](../user-help/enroll-windows-10-device.md): Users enroll their personally owned devices by downloading and installing the **Company Portal App** This process:
50
53
- Registers the device with Azure Active Directory to gain access to corporate resource like email.
51
54
- Enrolls the device in Intune as a personal owned device (BYOD).
52
-
If an administrator has configured Auto enrollment (available with Azure AD premium subscriptions), the user only has to enter their credentials once. Otherwise, they'll have to enroll separately through MDM only enrollment and reenter their credentials.
53
-
-**MDM only enrollment** lets users enroll an existing Workgroup, Active Directory, or Azure Active directory joined PC into Intune. Users enroll from Settings on the existing Windows PC. This method isn't recommended because it doesn't register the device into Azure Active Directory. It also prevents the use of features such as Conditional Access.
55
+
56
+
If an administrator has configured Auto enrollment (available with Azure AD premium subscriptions), the user only has to enter their credentials once. Otherwise, they'll have to enroll separately through MDM only enrollment and reenter their credentials.
57
+
-**MDM only enrollment** lets users enroll an existing Workgroup, Active Directory, or Azure Active directory joined PC into Intune. Users enroll from Settings on the existing Windows PC.
58
+
59
+
This enrollment method isn't recommended because:
60
+
61
+
- It doesn't register the device into Azure Active Directory (AD). Users might not get access to organization resources, such as email.
62
+
- It prevents using some Azure AD features, such as Conditional Access.
63
+
54
64
-[Azure Active Directory (Azure AD) Join](/azure/active-directory/user-help/user-help-join-device-on-network) - Joins the device with Azure Active Directory and enables users to sign in to Windows with their Azure AD credentials. If Auto Enrollment is enabled, the device is automatically enrolled in Intune. The benefit of auto enrollment is a single-step process for the user. Otherwise, they'll have to enroll separately through MDM only enrollment and reenter their credentials. Users enroll this way either during initial Windows OOBE or from Settings. The device is marked as a corporate owned device in Intune.
55
-
- [Autopilot](../../autopilot/enrollment-autopilot.md) - Automates Azure AD Join and enrolls new corporate-owned devices into Intune. This method simplifies the out-of-box experience and removes the need to apply custom operating system images onto the devices. When admins use Intune to manage Autopilot devices, they can manage policies, profiles, apps, and more after they're enrolled. There are four types of Autopilot deployment: [Self Deploying Mode](/windows/deployment/windows-autopilot/self-deploying) (for kiosks, digital signage, or a shared device), [User Driven Mode](/windows/deployment/windows-autopilot/user-driven) (for traditional users), [Windows Autopilot for pre-provisioned deployment](/windows/deployment/windows-autopilot/white-glove) enables partners or IT staff to pre-provision a PC running Windows 10 or Windows 11 so that it is fully configured and business-ready, and [Autopilot for existing devices](/windows/deployment/windows-autopilot/existing-devices) enables you to easily deploy the latest version of Windows to your existing devices.
65
+
- [Autopilot](../../autopilot/enrollment-autopilot.md) - Automates Azure AD Join and enrolls new corporate-owned devices into Intune. This method simplifies the out-of-box experience and removes the need to apply custom operating system images onto the devices. When admins use Intune to manage Autopilot devices, they can manage policies, profiles, apps, and more after they're enrolled. There are four types of Autopilot deployment: [Self Deploying Mode](/windows/deployment/windows-autopilot/self-deploying) (for kiosks, digital signage, or a shared device), [User Driven Mode](/windows/deployment/windows-autopilot/user-driven) (for traditional users), [Windows Autopilot for pre-provisioned deployment](/windows/deployment/windows-autopilot/white-glove) enables partners or IT staff to pre-provision a PC running Windows 10 or Windows 11 so that it’s fully configured and business-ready, and [Autopilot for existing devices](/windows/deployment/windows-autopilot/existing-devices) enables you to easily deploy the latest version of Windows to your existing devices.
0 commit comments