Manual and automated device enrollment into Intune are crucial topics in the MS-101 Microsoft 365 Mobility and Security examination. This post provides an overview of how to plan and implement these enrollments, drawing upon Microsoft’s official documentation.
Intune, Microsoft’s cloud-based service in the enterprise mobility management (EMM) space, enables administrators to control how their organization’s devices (mobile phones, tablets and laptops) are used, covering both security management and mobile application management.
1. Manual Enrollment into Microsoft Intune:
Manual enrollment into Intune requires physically handling each device to enroll it. While this may be feasible for small organizations, it can be time-consuming and arduous for larger firms with numerous devices. Nevertheless, here’s the process:
- Begin by signing into the Intune Company Portal application on your device. If it isn’t installed, download it from your respective application store.
- After logging in, go to device settings, and choose the option to enroll or add a device.
- Follow the prompts provided to complete the process.
Make sure the following prerequisites are in place:
- The device must meet the system requirements for Intune.
- The user has an Intune license.
- The Intune portal app is installed on the device.
2. Automated Enrollment into Microsoft Intune:
Automated enrollment is suitable for larger organizations, where manually enrolling each device is impractical. With Windows Autopilot, all new devices can be automatically enrolled into Intune, without IT needing to physically touch each device.
Microsoft Intune provides automated enrollment options for different platforms like Android, iOS, Windows, and macOS devices.
Here’s a simplified process of automated enrollment using Windows Autopilot:
- The hardware ID of the device to be enrolled is first uploaded to the Autopilot deployment service.
- Once the device connects to the internet during the Windows OOBE (Out-of-Box Experience), Autopilot instructs the device to enroll into Intune.
- The user then signs in to the device with their corporate credentials.
- Based on the user’s sign-in, Autopilot guides the device setup and applies the configurations defined in Intune.
Note that the prerequisites for automated enrollment include:
- Devices must be registered to the organization.
- Devices must be pre-installed with Windows 10 version 1703 or later.
- Network connectivity to Autopilot services is required for the initial setup.
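The first Autopilot step above registers devices by hardware ID, and that registration decides which machines enroll into the tenant, so it is worth checking the import file before it is uploaded. The PowerShell below is an added example, not part of the original post or Microsoft’s tooling: it checks a device CSV for the expected columns, duplicate serial numbers and hardware hashes that are not valid Base64. The function name `Test-AutopilotCsv`, the 1024-byte minimum hash size and the sample rows are assumptions made for illustration; it needs Windows PowerShell 5 or later.

```powershell
# Added example: function name, size threshold and sample data are assumptions.
function Test-AutopilotCsv {
    param([Parameter(Mandatory)][string]$Path,
          [int]$MinHashBytes = 1024)   # assumed lower bound; real hashes are several KB
    $required = 'Device Serial Number', 'Windows Product ID', 'Hardware Hash'
    $optional = 'Group Tag', 'Assigned User'
    $issues   = [System.Collections.Generic.List[string]]::new()

    # Check the header row first; stop early if the layout is wrong.
    $header = (Get-Content -Path $Path -TotalCount 1) -split ',' | ForEach-Object { $_.Trim(' "') }
    foreach ($name in $required) {
        if ($header -notcontains $name) { $issues.Add("Missing column: $name") }
    }
    foreach ($name in $header) {
        if ($name -notin ($required + $optional)) { $issues.Add("Unexpected column: $name") }
    }
    if ($issues.Count) { return $issues }

    $seen = @{}; $line = 1            # line 1 is the header
    foreach ($row in Import-Csv -Path $Path) {
        $line++
        $serial = $row.'Device Serial Number'
        if ([string]::IsNullOrWhiteSpace($serial)) {
            $issues.Add("Line ${line}: empty serial number")
        } elseif ($seen.ContainsKey($serial)) {
            $issues.Add("Line ${line}: serial $serial duplicates line $($seen[$serial])")
        } else {
            $seen[$serial] = $line
        }
        try {
            $bytes = [Convert]::FromBase64String($row.'Hardware Hash')
            if ($bytes.Length -lt $MinHashBytes) {
                $issues.Add("Line ${line}: hardware hash decodes to only $($bytes.Length) bytes")
            }
        } catch {
            $issues.Add("Line ${line}: hardware hash is not valid Base64")
        }
    }
    return $issues
}

# Constructed sample: placeholder serials and a dummy hash, not real device data.
$hash = [Convert]::ToBase64String([byte[]]::new(2048))
$csv  = Join-Path ([IO.Path]::GetTempPath()) 'autopilot-sample.csv'
@('Device Serial Number,Windows Product ID,Hardware Hash'
  "SN-0001,,$hash"
  "SN-0001,,$hash"
  'SN-0002,,not*base64') | Set-Content -Path $csv
Test-AutopilotCsv -Path $csv
```

An empty result means the file passed these checks; each returned string names the line to fix before the import.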
Comparing Manual and Automated Enrollment
Aspect | Manual Enrollment | Automated Enrollment |
---|---|---|
Size | Best for small organizations | Ideal for larger enterprises |
Effort | High effort required per device | Low effort on a per-device basis |
User interaction | High user interaction | Minimal user interaction required |
Device Reset | Not necessary | Device reset needed for deployment |
Device readiness | Time-consuming process | Faster, more efficient device readiness |
In conclusion, aligning your device enrollment strategy to your organization’s size, capacity, and requirements is crucial while using Intune. Automated enrollment promotes efficiency and is geared towards reducing heavy reliance on IT for device set-up, making it the preferable choice for most organizations.
Remember, understanding and mastering both manual and automated enrollment processes is critical for the MS-101 Microsoft 365 Mobility and Security exam. Thus, it is advised to get hands-on practice and study further resources to solidify your knowledge.
Practice Test
True/False: In the Intune Enrollment, the enrollment type ‘Managed devices’ is used to automatically enroll corporate-owned devices.
- True
- False
Answer: True
Explanation: ‘Managed devices’ is indeed an enrollment type used for the automatic inclusion of corporate-owned devices into Intune.
Which of the following are prerequisites for automated device enrollment in Intune?
- A) Microsoft 365 Business subscription
- B) Azure AD Premium subscription
- C) A device running Windows 10
- D) An Intune subscription
Answer: B, D
Explanation: For automated device enrollment to be done in Intune, Azure AD Premium subscription and an Intune subscription are prerequisites.
True/False: Devices enrolled using the ‘Bring Your Own Device (BYOD)’ method are usually manually enrolled on Intune.
- True
- False
Answer: True
Explanation: The Bring Your Own Device (BYOD) method often employs manual enrollment processes to add personal devices into Intune.
In manual device enrollment, which of the following user roles can enroll a Windows device in Intune?
- A) Global administrator
- B) User administrator
- C) Device enrollment manager
- D) Intune service administrator
Answer: A, C
Explanation: Both the global administrator and device enrollment manager user roles have the necessary permissions to manually enroll a Windows device into Intune.
Which of the following enrollment methods does not require a device to be factory reset before enrollment?
- A) Android Enterprise personally-owned devices with a work profile
- B) Android Enterprise corporate-owned fully managed user devices
- C) Android Enterprise corporate-owned work profile
- D) Android Enterprise corporate-owned dedicated devices
Answer: A
Explanation: Android Enterprise personally-owned devices with a work profile is the only enrollment method that doesn’t require a device to be factory reset before enrollment.
True/False: The device enrollment manager (DEM) account is a standard Intune user account with the permission to enroll more than 1,000 devices.
- True
- False
Answer: True
Explanation: The DEM account is a special type of Intune user account that can enroll more than 1,000 devices.
Which of the following is not a method to enroll iOS devices?
- A) Apple Configurator
- B) Device Enrollment Program
- C) Manually via the Intune Company Portal
- D) Knox Mobile Enrollment
Answer: D
Explanation: Knox Mobile Enrollment is a Samsung service for Android devices, not a method to enroll iOS devices.
True/False: To enroll devices using Windows Autopilot, you need to manually upload device information to Intune.
- True
- False
Answer: False
Explanation: With Windows Autopilot, you don’t need to manually upload device information to Intune. Device vendors automatically send device information during the order process.
Which of the following methods allows bulk enrollment of Windows devices?
- A) Windows Autopilot
- B) Manually via the Intune Company Portal
- C) Device Enrollment Manager (DEM)
- D) Both A and C
Answer: D
Explanation: Both Windows Autopilot and Device Enrollment Manager (DEM) allow for bulk enrollment of Windows devices.
True/False: For manual enrollment, the maximum number of devices per user is set to 5 by default.
- True
- False
Answer: True
Explanation: By default, the maximum number of devices per user that can be enrolled manually is set to 5 in Intune.
In Device Enrollment Managers (DEM), how many devices can one DEM user account enroll?
- A) 100
- B) 500
- C) 1000
- D) No limit
Answer: C
Explanation: One DEM user account can enroll up to 1000 devices.
True/False: The user needs administrative rights on the device to manually enroll it into Intune.
- True
- False
Answer: True
Explanation: To manually enroll a device into Intune, the user must have administrative rights on the device.
Which of these options is necessary to perform automated device enrollment in Intune?
- A) Microsoft Intune subscription
- B) OneDrive for Business subscription
- C) Office 365 subscription
- D) Microsoft Teams subscription
Answer: A
Explanation: An active Microsoft Intune subscription is necessary to perform automated device enrollment in Intune.
True/False: Manual device enrollment in Intune requires the device to be factory reset.
- True
- False
Answer: False
Explanation: Manual enrollment does not require factory reset of the devices. The requirement of factory reset is usually specific for some types of Android Enterprise enrollments.
True/False: The Intune Company Portal app must be installed on devices for both manual and automated enrollment.
- True
- False
Answer: True
Explanation: The Intune Company Portal app is the key component needed on devices for both manual and automated enrollments, as it provides entry to corporate resources.
Interview Questions
What is the initial step in the manual device enrollment process for Intune?
The first step in the manual device enrollment process is to sign in to the Intune portal and select “Devices.”
Can you describe how to automate device enrollment into Intune with Apple’s Device Enrollment Program (DEP)?
To automate device enrollment with Apple’s DEP, first sign into Intune and select “Device enrollment > Apple Enrollment > Enrollment program tokens > Add.” Next, follow the prompts to download a public key and upload it to Apple’s DEP portal. From there, download the server token from Apple and upload it to Intune.
How do you manually enroll a device into Intune on Windows 10?
To manually enroll a Windows 10 device into Intune, the user must go to Settings > Accounts > Access Work or School > Connect > enter the corporate email account. Then, the device will be automatically enrolled into Intune along with the user’s corporate access settings.
Can you explain how to automate device enrollment into Intune with Windows Autopilot?
To automate device enrollment with Windows Autopilot, go to the Intune portal and select “Devices > Enroll devices > Windows enrollment > Devices.” From here, you can upload a .csv file containing details for the devices you want to enroll.
What device platforms are supported by Intune?
Intune supports a variety of device platforms including Android, iOS, macOS, and Windows.
What are the prerequisites to enroll devices in Intune?
The prerequisites for enrolling devices in Intune include having an Intune license, an Azure Active Directory, the right operating system on your device, and a network connection.
What is the purpose of device categories in Intune enrollment?
Device categories in Intune are used to group devices for easier management and policy application.
How are Android Enterprise work profile devices enrolled into Intune?
Android Enterprise work profile devices can be enrolled into Intune by first downloading the Intune Company Portal app from Google Play, signing in with a corporate account, and then following the prompts to complete enrollment.
What is the purpose of the Bulk Enrollment for Windows devices in Intune?
Bulk Enrollment for Windows devices in Intune allows organizations to enroll a large number of devices without requiring the user to complete device setup steps.
Can you explain how to set up Android Enterprise Corporate-Owned with a Work profile in Intune?
To set up Android Enterprise Corporate-Owned with a Work profile in Intune, go to “Device enrollment > Android enrollment > Corporate-Owned with Work Profile.” From here, you can follow the prompts to set up the enrollment token and QR code.
What is an enrollment profile in Intune?
An enrollment profile in Intune allows administrators to customize the out-of-the-box experience for users during device setup.
Can you explain the difference between automated enrollment and manual enrollment?
In automated enrollment, a device is automatically registered, enrolled, and configured for Intune when a user signs in with their corporate credentials. Manual enrollment requires users to manually sign into the Intune app or portal and complete the enrollment process.
How can we troubleshoot enrollment errors in Intune?
Troubleshooting enrollment errors in Intune can be done by examining the failure logs of the device, checking user permissions, or by using the Enrollments report in the Intune portal.
Can you describe why we need to configure an MDM authority in Intune?
Configuring an MDM authority in Intune helps to determine where users will be directed to enroll their devices and which services will manage them.
How do you enroll a macOS device into Intune?
To enroll a macOS device into Intune, users need to download the Intune Company Portal from the App Store, sign in with their corporate accounts, and follow the prompts to complete enrollment.