Set-up Autopilot profile and configure MAM and MDM scope for automatic enrollment


This step-by-step tutorial takes you through how to set up your Autopilot profile and configure the MDM and MAM scopes for automatic enrollment in Intune / Endpoint Manager.

This is Part 7 of a 13 part series.

=====================================================================

Welcome to part 7 of my thirteen-part series of tutorials, taking you step by step through how to configure Microsoft Endpoint Manager / Intune, from initial DNS config up to Autopilot and application deployment. This series gives you all the knowledge you need to successfully deploy a basic Intune / Endpoint Manager environment.

Initial Tenant and Intune Configuration
1. Configure DNS and CNAME - Link 
2. Company Branding - Self Service Password Reset (SSPR) - Enable Enterprise State Roaming - Link
3. Enable Conditional Access and MFA (Multi factor authentication) - Link
4. Configure Conditional Access Terms of Use - Link 
5. Company Terms and Conditions - Link 
6. User and Device Groups, and Device Categories - Link
7. Set-up Autopilot profile and configure MAM and MDM scope for automatic enrollment - Link - This Tutorial
7a. More information regarding options for configuring the MDM and MAM user scopes - Link 
8. Enrollment Status Page - Link
9. Enrollment Restrictions - Link
10. Deploying Microsoft 365 apps (Office apps) - Link
11. Enable Microsoft Store for Business and publish the Company Portal app - Link
12. Assign Company Portal app - Link 
13. Test autopilot via register online - Link

If you don't have a test environment for Intune / Endpoint Manager, just follow this guide on How to get a Free Developer Tenant with 25 x E5 licenses and a free Top Level domain name - Link


=====================================================================

Pre-requisite
The dynamic device group for autopilot should have been created earlier - Link

Group for Autopilot devices - AAD_Sec_Device_AutopilotDevices

======================================================================

Configure auto-enrollment -

In Endpoint Manager, navigate to Devices - Windows - Windows enrollment - Automatic Enrollment

Set the MDM user scope to 'All'
Set the MAM user scope to 'All'
Save


Note -
In this environment, I am configuring this so that ALL end users can self-enroll their devices, including BYOD devices, which is why I am setting the scopes to 'All'.

If you want to restrict users' ability to enroll devices, you could select the Autopilot devices group and create a group for licensed users, so that users can only enroll once licensed correctly.

Please read this article for more information regarding configuring the MAM and MDM scope and the options and implications for BYOD. - Link
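
To confirm what the tenant actually has configured after saving, the scopes can be read back from Microsoft Graph. The script below is an added example, not part of the original tutorial; it assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Authentication) is installed, that the signed-in account can consent to Policy.Read.All, and that the Graph beta mobility management policy endpoints are used.

```powershell
# Added example (not from the original tutorial): read-only audit of the
# MDM and MAM user scopes set under Automatic Enrollment.
# Assumptions: Microsoft.Graph.Authentication module is installed and the
# account can consent to Policy.Read.All; endpoints are Graph beta.
Connect-MgGraph -Scopes 'Policy.Read.All'

$base = 'https://graph.microsoft.com/beta/policies'
$endpoints = [ordered]@{
    MDM = 'mobileDeviceManagementPolicies'
    MAM = 'mobileAppManagementPolicies'
}

$report = foreach ($scope in $endpoints.Keys) {
    $path = $endpoints[$scope]
    $policies = (Invoke-MgGraphRequest -Method GET -Uri "$base/$path").value
    foreach ($p in $policies) {
        # appliesTo is 'none', 'all' or 'selected' (None / All / Some in the portal)
        $groups = @()
        if ($p.appliesTo -eq 'selected') {
            # Resolve the groups the scope is limited to (first page only)
            $uri = "$base/$path/$($p.id)/includedGroups"
            $groups = (Invoke-MgGraphRequest -Method GET -Uri $uri).value |
                ForEach-Object { $_.displayName }
        }
        [pscustomobject]@{
            Scope          = $scope
            Provider       = $p.displayName
            AppliesTo      = $p.appliesTo
            IncludedGroups = $groups -join '; '
        }
    }
}
$report | Format-Table -AutoSize

# Highlight the settings discussed in the note above
foreach ($row in $report) {
    if ($row.AppliesTo -eq 'all') {
        Write-Warning "$($row.Scope) scope for '$($row.Provider)' is All: every licensed user can enroll, including BYOD devices."
    }
    elseif ($row.AppliesTo -eq 'selected' -and -not $row.IncludedGroups) {
        Write-Warning "$($row.Scope) scope for '$($row.Provider)' is Selected but no groups are included."
    }
}
```

The script only issues GET requests, so it can be rerun after any change to the scopes to check that the result matches the intended enrollment policy.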

====================================================================

Create an AutoPilot Deployment Profile

Devices - Enroll Devices

Scroll down and select - Deployment Profiles

Create Profile - Windows PC

Name - Default Autopilot profile
Convert all targeted devices to Autopilot - Yes


More Info - Convert all targeted devices to Autopilot - Link



Configure as needed - (hover mouse over the info next to the asterisk for explanations)

Self-deploying mode - No user assigned to the device - Link
Note - If choosing Self-deploying mode, the devices must support TPM 2.0 hardware and TPM device attestation.


Assignments -
Included Groups - ... -


Select all devices if applicable -
Select - Add groups to browse and select the Autopilot devices group
Select - Next


Review and create -
Create


===============================================================


 

About the author -
Terry Munro is an IT specialist based in Brisbane, Australia.
He draws upon over 20 years experience designing and delivering technical solutions to a variety of enterprise clients in the private, Government and Education sectors, to revolutionise client businesses through collaboration and getting the most value from a variety of cloud solutions.
He is passionate about learning new technologies and is a firm believer in sharing knowledge to provide a better experience for all.

You can connect with Terry
LinkedIn - https://www.linkedin.com/in/terry-munro/
Facebook - @IntuneAdmin - https://www.facebook.com/IntuneAdmin/
Facebook Community Group - https://www.facebook.com/groups/intuneadmin/ 
GitHub Repository - https://github.com/TeamTerry
