This blog will show you how to make sure that existing Azure AD joined devices that are not yet enrolled into Intune get enrolled into Intune.
A lot of customers start their cloud journey by using Azure AD as their identity provider. Most of the time, Intune wasn’t yet part of that journey. But what if you want to make sure your devices are being managed, and the devices are already enrolled into Azure but not into Intune?
Today I spent some time enrolling existing Azure AD joined devices into Intune. These devices were Azure AD joined without Intune enabled/configured.
There are 2 ways to make sure the device will be registered in Intune:
Option 1: Group Policy:
You can open the group policy object editor and browse to
Computer Configuration > Administrative Templates > Windows Components > MDM.
And configure this setting like the picture below:
Option 2: Registry:
Another possibility would be to use the registry. Create a reg file with this information in it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM]
"AutoEnrollMDM"=dword:00000001
"UseAADCredentialType"=dword:00000001

When you apply one of these options, you will notice a new task is created in the Task Scheduler.
Give it some time… and the device will register itself in Intune… 🙂
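
The registry option as an idempotent check-and-set in PowerShell, added here as an example and not part of the original post. The dsregcmd pre-check and the Task Scheduler folder \Microsoft\Windows\EnterpriseMgmt\ are assumptions the post does not state; run it in an elevated session.

```powershell
# Added example: apply and verify the two MDM policy values from the .reg file above.
$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$wanted = @{ AutoEnrollMDM = 1; UseAADCredentialType = 1 }   # values from the post

# 1. Assumption: only proceed on a device that reports itself as Azure AD joined.
$dsreg = dsregcmd /status | Out-String
if ($dsreg -notmatch 'AzureAdJoined\s*:\s*YES') {
    throw 'Device does not report AzureAdJoined : YES; this procedure targets Azure AD joined devices.'
}

# 2. Create the policy key if it is missing, then set each value only when it differs,
#    so the script can be re-run (or pushed repeatedly) without side effects.
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
foreach ($name in $wanted.Keys) {
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($current -ne $wanted[$name]) {
        New-ItemProperty -Path $key -Name $name -Value $wanted[$name] `
            -PropertyType DWord -Force | Out-Null
        Write-Output "Set $name = $($wanted[$name]) (previous value: '$current')"
    } else {
        Write-Output "$name already set to $current"
    }
}

# 3. Read the values back so the result is recorded, not assumed.
Get-ItemProperty -Path $key | Select-Object AutoEnrollMDM, UseAADCredentialType

# 4. Look for the enrollment task mentioned in the post.
#    Assumption: it is created under this Task Scheduler folder.
$tasks = Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.TaskPath -like '\Microsoft\Windows\EnterpriseMgmt\*' }
if ($tasks) {
    $tasks | Select-Object TaskPath, TaskName, State
} else {
    Write-Output 'No enrollment task found yet; give it some time and check again.'
}
```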
When your devices are already enrolled into Azure AD, it doesn’t mean you will need to reinstall the devices to also enroll them into Intune.