Entra Registered Devices in Intune: What You Need to Know


This blog is an addition to my previous blog, which showed you the difference between Entra registered devices and Entra joined devices. In this blog, I will show you what can be managed when your Entra registered / Azure AD registered devices are enrolled into Intune!

Please note: Your device needs to be enrolled in Intune and have the corresponding Intune Management Extension installed!

I will provide some examples of what is working and what is not. If you feel I forgot something worth mentioning, please send me a direct message.

1. Conditional access and requiring a compliant device:

Yes, it works, as mentioned here: Entra Joined vs. Entra registered devices | Azure AD (call4cloud.nl)

Conditional Access will work with Entra registered devices

2. WUfB

Yes it works

Windows Update works on Entra registered devices

3. Windows Expedited/ Feature updates:

Nope

Expedited updates, Feature Update deployment, and Drivers & Firmware deployments all require an AAD joined device and don’t work with AADR.

Feature updates are not supported for Entra registered devices

4. Device Configuration Policies/Settings Catalog

Yes it works

As shown below, I am using AppLocker to protect the device. On my AADR device, AppLocker just got activated!

Settings Catalog and AppLocker will work with Entra registered devices

5. Endpoint Security:

Yes it works

When you want to add some security to your AADR devices, you are good to go! As shown below, I can make sure the Endpoint Security profiles are deployed to my AADR devices!

Endpoint Security will work with Entra registered devices

6. BitLocker Recovery Key in Intune:

Yes it works


7. BitLocker Recovery Key Rotation:

Nope


The option to perform a “BitLocker Key Rotation” is greyed out, just like the “Locate Device” and “Rename Device” options.

BitLocker key rotation greyed out on Entra registered devices

8. PowerShell Scripts:

Yes it works


9. Win32Apps:

Yes it works

Deploying apps on entra registered devices works

10. Proactive Remediations:

Yes it works (even when Microsoft tells us otherwise?)


You can find the proactive remediations script in the c:\windows\imecache\healthscripts folder.

proactive remediations work on entra registered devices
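
To review what has actually been delivered to that folder, the following added example (not code from the original post) lists every cached script with its SHA-256 hash and Authenticode status, so it can be compared against what was uploaded in Intune. It assumes the folder path from the post and an elevated PowerShell session; the function name Get-CachedHealthScript is hypothetical.

```powershell
# Added example: inventory the Proactive Remediations scripts cached by the
# Intune Management Extension. Run in an elevated PowerShell session.
function Get-CachedHealthScript {
    [CmdletBinding()]
    param(
        # Path taken from the post; override it to inspect an offline copy.
        [string]$Path = 'C:\Windows\IMECache\HealthScripts'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        Write-Warning "Folder not found: $Path"
        return
    }

    # Walk every subfolder and describe each cached .ps1 file.
    Get-ChildItem -LiteralPath $Path -Filter '*.ps1' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Package       = $_.Directory.Name        # subfolder the script sits in
                Script        = $_.Name
                LastWriteTime = $_.LastWriteTime
                Signature     = $sig.Status               # e.g. NotSigned, Valid, HashMismatch
                Signer        = $sig.SignerCertificate.Subject   # empty when unsigned
                SHA256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Print one row per cached script, grouped by the subfolder it came from.
Get-CachedHealthScript | Sort-Object Package, Script | Format-Table -AutoSize
```

A hash that does not match the script stored in Intune, or a HashMismatch signature status, is worth investigating before trusting the cached copy.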

If you are interested in more proactive remediations, please visit my blog about it!

Proactive Remediations – Call4Cloud

11. Company Portal Downloading apps

Yes it works

I often get this question, so I need to show you that it works.

install apps from the company portal works on azure ad registered devices

12. Windows Hello for Business

Yes it works

When requiring Windows Hello to be configured on your devices, your AADR device will also prompt you to “set up a PIN”.

13. Changing the Primary User

Nope… not possible

As shown below, when your device is AADR, it’s impossible to change the Primary user! The option to change the primary user will be greyed out!

Conclusion

Hopefully, this blog showed you that a lot of Intune features still work even when your device is Entra registered and not Entra joined. Even though I personally think the device should always be joined, you could always choose an Entra registered device.
