This week a small blog post about the Company Portal app enrollment experience, for Windows 10 Desktop devices, that has been recently added to the Company Portal app. This new experience enables the end-user to perform the enrollment procedure during the initial sign-in to the Company Portal app and aligns the enrollment experience with the other supported platforms.. This blog post will show this new enrollment experience, the new alterative enrollment experience and the end result.
Main end-user enrollment experience
Now let’s start by looking at the main new end-user enrollment experience on Windows 10 Desktop devices via the Company Portal app. This complete experience is nothing more than the following 4 simple steps.
Alternative end-user enrollment experience
The alternative new experience, for Windows 10 Desktop devices, is available when the end-user clicks Skip for now during step 3 mentioned above. This enables the following experience in the Company Portal app.
End result
The end result during both new enrollment experiences is the same. In both cases the end-user will end-up with a workplace joined and Microsoft Intune managed Windows 10 Desktop device, as shown below.
Is it still needed to also perform the “enroll only in device management” on the connect to work or school settings page in order to get full MDM capabilities on both a Windows 10 desktop or mobile device?
I’ve seen conflicting information on which is the best way to enroll Windows 10 devices.
Company Portal-only?
Or Company Portal + MDM enrollment.
Thank you
Hi John,
The end result via the Company Portal app now provides the same end result of the standard Windows 10 MDM enrollment.
Peter
Oh good! That makes documentation much easier.
Thank you!
Hi, great blog!
is there a way to automate Intune enrollment for domain joined devices? It appears that automatic MDM enrollment works only for Azure AD joined devices.
In my scenario, we are considering removing SCCM and moving all the management to Intune, but the enrollment process is problematic for Domain Joined devices. Thank you!
Hi Jose,
Your biggest challenge, at this moment, is that a device can only be managed via MDM or SCCM. In other words, you first need to remove the SCCM client before you can enroll via MDM. Also, there is no auto enrollment for domain joined devices, only auto registration in Azure AD.
Regards,
Peter
Thanks for this.
We have local domain joined computers.
We are now looking at SCCM or Intune. If we enroll windows 10 devices into Intune, is there a way to permanently keep these corp devices enrolled so that the end user cannot unenroll ?
Hi Daniel,
There is a setting available to prevent the user from performing a MDM unenrollment.
Regards, Peter
Thanks! Did you have any further info on how to do this ?
Is it possible to prevent users from unenrolling from Intune when on MacOSX
Hi Daniel,
For Windows 10 devices you can look at this: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment
For macOS devices you can look at this (DEP): https://images.apple.com/business/docs/DEP_Guide.pdf
Regards, Peter