This blog is an addition to my previous blog, which showed you the difference between Entra Registered devices and Entra Joined devices. In this blog, I will show you what can be managed on your Entra Registered / Azure AD Registered devices once they are enrolled into Intune!
Please note: Your device needs to be enrolled in Intune and have the corresponding Intune Management Extension installed!
I will provide some examples of what is working and what is not. If you feel I forgot something worth mentioning, please send me a direct message.
1. Conditional access and requiring a compliant device:
Yes it works as mentioned here: Entra Joined vs. Entra registered devices | Azure AD (call4cloud.nl)
2. WUfB
Yes it works
3. Windows Expedited / Feature updates:
Nope
Expedited updates, Feature Update deployment, and Drivers & Firmware deployments all require an AAD joined device and don’t work with AADR.
4. Device Configuration Policies/Settings Catalog
Yes it works
As shown below, I am using AppLocker to protect the device. On my AADR device, AppLocker just got activated!
5. Endpoint Security:
Yes it works
When you want to add some security to your AADR devices, you are good to go! As shown below, I can make sure the Endpoint Security profiles are deployed to my AADR devices!
6. BitLocker Recovery Key in Intune:
Yes it works
7. BitLocker Recovery Key Rotation:
Nope
The option to perform a “BitLocker Key Rotation” is greyed out, just like the “Locate Device” and “Rename Device” options.
8. PowerShell Scripts:
Yes it works
9. Win32Apps:
Yes it works
10. Proactive Remediations:
Yes it works (even when Microsoft tells us otherwise?)
You can find the proactive remediations script in the c:\windows\imecache\healthscripts folder.
If you are interested in more proactive remediations, please visit my blog about it!
Proactive Remediations – Call4Cloud
11. Company Portal Downloading apps
Yes it works
I often get this question, so I need to show you that it works.
12. Windows Hello for Business
Yes it works
When requiring Windows Hello to be configured on your devices, your AADR device will also prompt you to “set up a PIN”.
13. Changing the Primary User
Nope… not possible
As shown below, when your device is AADR, it’s impossible to change the Primary user! The option to change the primary user is greyed out!
Conclusion
Hopefully, this blog showed you that a lot of Intune features still work even when your device is Entra registered and not Entra Joined. Even though I personally think the device should always be joined, you could always choose an Entra registered device.