Windows 10 Azure AD Join with Intune Enrollment
By William Bracken
Published September 9, 2015
Estimated Reading Time: 3 minutes

Windows 10: Azure AD Join with Intune Enrollment

Hello again! I recently posted about a few cool, and not so cool features of Windows 10 Azure AD Join. One of the cools was the ability to automatically enroll a device in Intune upon joining Azure AD. At the time of that post this feature was not yet available. As you might have guessed by this post, this functionality now works! This includes standalone Intune as well as System Center Configuration Manager 2012 integrated Intune (Unified Device Management).

A great feature of automatic Intune enrollment is the ability to restrict enrollment to a Group of users. This can be a Cloud based Group, or an on prem Active Directory Group, sync’ed to Azure AD.

Let’s take a look and see how it works!

First and foremost, you must have an Intune subscription using the same tenant as your Azure Active Directory that you plan on joining is using. 🙂

Login to your Azure portal (manage.windowsazure.com) and select your Active Directory. Click the Applications link, and then click Microsoft Intune.

AzureIntune1

Click Configure, then near the bottom, slide the “Apply to” over to Groups. Click “Select Groups” and choose the group you want to limit enrollment to.

AzureIntune2
We have now limited whos devices will enroll in Intune upon joining Azure AD. Cool right?

Now let’s take a look at enrolling a Windows 10 (Enterprise or Pro) device into Azure AD with my account who is a member of the group we specified above. Note that you can also join Azure AD during the OOBE of a new Windows 10 computer. This post shows joining after OOBE and being logged in as a local administrator. The OOBE process is very similar.

Navigate to Settings > System > About, and select Join Azure AD.

AADJoin1

Click Next.
AADJoin2

Enter your credentials and click Sign In.
AADJoin3

If you are sure you want to join at this point click Join 🙂

AADJoin4.1

Click Finish. Your device will be joined to your Azure AD and Intune enrollment will happen momentarily (in the background, without user interaction).
AADJoin5

TIP: If you are greeted with “Something went wrong” message with error code 8019000a, ensure you do not have an SCCM Client installed as this is a hard stop for Azure AD join. If you do, uninstall it and Try again.
AADJoinError
[br]
Now lets take a look at SCCM to see our newly Intune enrolled Windows 10 computer.

SCCMEnrolled

Success!

As you can see, this is a very straight forward and painless process. I encourage you to start testing today and see how Azure AD Join and Microsoft Intune could be a part of your company’s future!

Post Tags:
Article By William Bracken
Partner – Model Technology Solutions William is an experienced and results-driven IT geek who is passionate about the “automation of things,” with an extensive background in systems management, advanced OS deployment automation, and overall infrastructure automation. He has more than 19 years of experience in IT, and has designed and implemented management solutions that have dramatically reduced support costs and ultimately brought consistent and well managed operating environments to organizations across the US.

Related Posts