Integrate your Microsoft Intune device enrollment with Azure AD!
In May this year Microsoft announced a new capability: automatically enrolling devices in Microsoft Intune as part of joining them to Azure AD (Premium). By joining a Windows 10 device to Azure AD, end users get single sign-on, OS state roaming and device management with very little effort.
This works with Microsoft Intune as well as with third-party MDM solutions. In this blog post I'll show you how easy and transparent this process is, and how powerful the integration between Microsoft Online Services and Windows 10 is!
Once logged in to your Azure subscription, browse to Azure Active Directory; under Applications the Microsoft Intune app is listed. By configuring the app you can add a custom URL for your own MDM terms of use, and scope automatic enrollment either to a specific set of users by selecting one or more Azure AD security groups, or to all your users (make sure you have enough EMS or Intune licenses for the users in scope!).
Currently my Windows 10 device is unmanaged; normally I would have to enroll it manually for it to become a managed device in Microsoft Intune or Configuration Manager (hybrid).
We're now ready to join the Windows 10 device to Azure AD and find out whether automatic enrollment in Microsoft Intune works as expected.
After signing in with my Azure AD company account (a federated account from on-premises AD), my Windows 10 laptop is successfully joined to Azure AD.
Once my Windows 10 device has joined Azure AD and we go to the Work Access section, you'll notice the device has been automatically enrolled in, and is therefore managed by, Microsoft Intune.
As a result of the Azure AD Join action, my Windows 10 device is also registered as a device object in Azure AD, as you can see below.
From now on I also benefit from single sign-on to Microsoft Online services (e.g. Office 365, Intune and Azure), because I'm already signed in to my Windows 10 machine with my Azure AD account. Thanks to the seamless integration of Windows 10 and Azure AD, I have to provide my credentials only once, when logging on to my Windows 10 device.
And as a result of the new automatic enrollment feature of Azure AD, my Windows 10 device ends up in Microsoft Intune automatically! It is registered in Azure AD (as part of the Azure AD Join action) and it is managed.
Both criteria (registered in Azure AD and managed) are mandatory for the conditional access scenarios defined in Microsoft Intune or Configuration Manager, which give you control over the circumstances under which users are able to access corporate resources.
Currently this functionality is in preview and is available as part of your Azure Active Directory (Premium) subscription. To take full advantage of this feature you need the following subscriptions and software:
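To verify both criteria from the device itself rather than from the Work Access page, here is an added PowerShell check. It is my own example and not part of the original post. It assumes Windows 10 version 1607 or later, where `dsregcmd /status` reports the join and MDM state, and an elevated session, because the enrollment keys live under HKLM. The function names (`Get-DsregStatus`, `Get-IntuneEnrollment`, `Test-AutoEnrollment`) are mine; the `dsregcmd` field names and the `HKLM\SOFTWARE\Microsoft\Enrollments` values are the ones Windows writes, with the Intune enrollment identified by the `ProviderID` value `MS DM Server`.

```powershell
# Added example, not from the original post.
# Verifies on the device that (1) it is Azure AD joined and (2) it holds an
# Intune MDM enrollment, i.e. the two conditions conditional access relies on.
# Assumptions: Windows 10 version 1607 or later (dsregcmd /status) and an
# elevated PowerShell session (the Enrollments keys live under HKLM).

function Get-DsregStatus {
    # Turn the "Key : Value" lines of dsregcmd /status into a hashtable;
    # section headers and separator lines contain no colon and are skipped.
    $status = @{}
    foreach ($line in (& "$env:SystemRoot\System32\dsregcmd.exe" /status)) {
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') {
            $status[$matches[1]] = $matches[2]
        }
    }
    return $status
}

function Get-IntuneEnrollment {
    # Every MDM enrollment is stored under HKLM\SOFTWARE\Microsoft\Enrollments\<GUID>.
    # The Intune enrollment carries ProviderID "MS DM Server"; other subkeys
    # (e.g. Status, Ownership) have no ProviderID and fall out of the filter.
    Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
        Where-Object { $_.ProviderID -eq 'MS DM Server' } |
        Select-Object @{ n = 'EnrollmentId'; e = { $_.PSChildName } }, UPN, DiscoveryServiceFullURL
}

function Test-AutoEnrollment {
    $ds     = Get-DsregStatus
    $enroll = @(Get-IntuneEnrollment)
    $result = [pscustomobject]@{
        AzureAdJoined   = ($ds['AzureAdJoined'] -eq 'YES')
        WorkplaceJoined = ($ds['WorkplaceJoined'] -eq 'YES')  # registered only, not joined
        TenantName      = $ds['TenantName']
        DeviceId        = $ds['DeviceId']
        MdmUrl          = $ds['MdmUrl']      # empty when no MDM applies to this user
        MdmTouUrl       = $ds['MdmTouUrl']   # the terms-of-use URL configured on the Intune app
        IntuneEnrolled  = ($enroll.Count -gt 0)
        EnrolledUser    = ($enroll | Select-Object -First 1).UPN
    }
    if (-not $result.AzureAdJoined) {
        Write-Warning 'Not Azure AD joined: the automatic enrollment described here is triggered by the Azure AD Join.'
    } elseif (-not $result.IntuneEnrolled) {
        Write-Warning 'Azure AD joined, but no Intune enrollment found: check that the user is in the MDM scope and licensed.'
    }
    return $result
}

Test-AutoEnrollment | Format-List
```

A device that only shows `WorkplaceJoined : YES` is Azure AD registered, not joined, so it does not meet the first criterion; a joined device with an empty `MdmUrl` usually means the signed-in user falls outside the groups selected on the Intune app, or has no license, which is the first thing to check before looking at the enrollment itself.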
- Azure AD Premium and Microsoft Intune licenses, or Enterprise Mobility Suite (which includes both);
- Windows 10 device(s).
Sources:
Azure Active Directory and Windows 10: Bringing the cloud to enterprise desktops!
Managing Azure Active Directory joined devices with Microsoft Intune
Azure AD, Microsoft Intune and Windows 10 – Using the cloud to modernize enterprise mobility!