In this video, learn how a device can be registered with Azure AD using Device Registration.
- [Instructor] Let's drop onto our demo environment. I want to show you how to take a personal device owned by Jordan, and see how to register it as a personally owned device into Azure AD and manage it using Intune. Jordan wants to work on some corporate documentation at home using his Windows 10 PC. To allow this, we'll need to register the device with our Corporate Azure AD tenant. Therefore he could become compliant and be granted access to our corporate resources. First, I'll ensure that Jordan has a license for Intune. I've signed into my Office.com as an administrator, and then on my Microsoft 365 admin center, I'll select users, active users, search for Jordan. I'll select Jordan and then take a look at licenses. Here we can see he has an Enterprise Mobility and Security E5 license, and an Office 365 E5 license. If I drop down the hours I can see that he has a Microsoft Intune license. He also has Azure Active Directory P1 and P2 licensing. I'll scroll down under the admin centers and select device management, which will open the Microsoft 365 device management portal. I now want to check another prerequisite has been configured. I'll select device enrollment, and here you can see under manage, we have Apple enrollment, Android enrollment, and Windows enrollment. I'll select the automatic enrollment. This allows Jordan to automatically enroll his device into Intune. In order to configure this feature, we need to select the NDM user scope to all or some. If we select some, we can define which users or devices can be allowed to join the devices to Intune. If we want to manage application management, I should also select all, or some, under the mam user scope. I'll click save. Your tenant needs to have this configured to allow users to enroll their devices. I'll now head over to Jordan's personal device. I'll open settings and then click accounts. We can see Jordan's device has been configured as a personal device and is using his Microsoft account. On the left-hand side, under accounts, I'll select access work or school. And then click connect. Notice there are a couple of options here. The options at the bottom of the dialogue page allow us to fully enroll a corporate-owned device into Azure Active Directory and Intune, which will then be fully managed. We don't want to take that option, because this device belongs to Jordan as a BYOD PC. I'll enter Jordan's corporate email address for my demo tenant and click next. I'll ask him to provide his password and click sign in. The wizard should automatically find the contoso Azure AD tenant. We may see a message indicating that the company or school is registering the device. We'll then see the "You're All Set" screen. I can click done. In the settings, we can now see a work or school account is listed. If Jordan no longer wants his personal device to be connected to the company tenant, he can easily select the account and then click disconnect. In this way the account will be removed and the device will be deregistered. If we return to the "Your Info" page, we can confirm the device is still registered for the Microsoft account for Jordan, and that the desktop and personalization are still very much Jordan's own design. To complete the registration process, you may need to restart the machine and log back on using the Microsoft account. Let's head back to the Microsoft 365 device management portal. Under favorites I'll select devices, and under manage, I'll select the Azure AD devices. And here we can see that Jordan's PC has been registered to Azure Active Directory.
This course closely aligns to the first two domains of exam MD-101: Managing Modern Desktops: Deploy and update operating systems and Manage policies and profiles.
- Implementing Windows 10
- Provisioning packages
- Deploying Windows 10 using Windows Autopilot
- Upgrading to Windows 10
- Managing Windows Update for Business
- Managing device authentication
- Working with user profiles
- Managing Windows 10 using Microsoft Intune
- Managing policy precedence