Technology is advancing rapidly and has evolved significantly in recent years. Mobile Device Management (MDM) covers device management, security, malware monitoring, app distribution and business data security. Administrators can manage, monitor and secure their mobile workforce remotely, all from a unified cloud-based dashboard. MDM provides a wide range of security, monitoring, integration and management capabilities, not just for mobile devices (smartphones and tablets) but also for laptops, desktops and even IoT devices in the workplace.
INTUNE Device Registration
The Mobile Device Management (MDM) solution in Intune is a new foundation for device-based conditional access. When you register a device with Intune, it is given an identity that is used to authenticate when the user signs in, and Azure AD is updated with additional information about the device. This allows you to create additional conditional access rules that require devices to meet your organization's security compliance standards before access is granted. You can also extend conditional access policies to applications on these authenticated devices, for better control over which applications may be accessed from them.
Important:
MDM Supported Devices
- Windows 10 (min version 1709, Build 16299.271)
- Windows 8.1 PC
- iOS 9.0
- Android 4.0 and later
- Mac OS X 10.9 and later
For detailed updates on supported devices, please visit https://docs.microsoft.com/en-us/sccm/mdm/plan-design/supported-device-platforms-for-hybrid
Pre-Requisites
- MDM registration supports Windows 10 devices only; the minimum required version is 1709, OS build 16299.371 or higher.
- Check the Windows version installed on your system. Navigation: Settings -> System -> About. Please see the screenshot below:
- If Windows Update shows the system as up to date but the required version is not installed, or Windows Update fails repeatedly, do the following:
- Manually download and upgrade Windows 10 here
- Click on “Update Now” and follow the on-screen instructions to update.
- Uninstall any endpoint security or antivirus software that is installed.
- If you get an error saying “Intune installed” but Intune does not appear in the list of installed programs, an earlier failed attempt to install Intune may be the cause. Force an uninstall with the steps below:
- Collect the “service ID” value from the registry location HKLM\SOFTWARE\Microsoft\OnlineManagement
- Open “Command Prompt” with Run as Administrator
- Change the directory to C:\Program Files\Microsoft\OnlineManagement\Common
- Run the command, using the service ID collected above: ProvisioningUtil.exe /UninstallClient /ServiceId "{}" /TaskName "tempTask" /SubEventId 16
- Now the system is ready for Intune registration.
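A pre-flight check for the prerequisites above, as an added PowerShell example that is not part of the original article. It assumes the 16299.371 minimum from the prerequisites list; the SecurityCenter2 query and the dsregcmd join-state lookup are additions the article does not mention.

```powershell
# Added example (not from the original article): pre-flight check for the
# prerequisites listed above. Save as a .ps1 file and run it on the device.
param(
    [int]$MinBuild    = 16299,  # Windows 10 1709, as stated in the prerequisites
    [int]$MinRevision = 371     # assumption: the .371 figure from the prerequisites
)

# OS build and update revision (UBR), as shown under Settings -> System -> About
$cv       = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build    = [int]$cv.CurrentBuild
$revision = [int]$cv.UBR
$osOk     = ($build -gt $MinBuild) -or
            ($build -eq $MinBuild -and $revision -ge $MinRevision)

# Traces of an earlier Intune client install (registry key and utility named above)
$legacyKey  = Test-Path 'HKLM:\SOFTWARE\Microsoft\OnlineManagement'
$legacyUtil = Test-Path (Join-Path $env:ProgramFiles `
                  'Microsoft\OnlineManagement\Common\ProvisioningUtil.exe')

# Endpoint security products registered with Windows Security Center
$av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
            -ErrorAction SilentlyContinue | ForEach-Object { $_.displayName })

# Join state decides between manual enrollment and Group Policy auto-enrollment
$dsreg = (dsregcmd /status) -join "`n"
function Get-DsregFlag([string]$Name) {
    if ($dsreg -match "(?m)^\s*$Name\s*:\s*(\w+)") { $Matches[1] } else { 'UNKNOWN' }
}

[pscustomobject]@{
    OsBuild             = "$build.$revision"
    MeetsMinimumBuild   = $osOk
    LegacyIntuneKey     = $legacyKey
    LegacyProvisionUtil = $legacyUtil
    SecurityProducts    = $av -join '; '
    DomainJoined        = Get-DsregFlag 'DomainJoined'
    AzureAdJoined       = Get-DsregFlag 'AzureAdJoined'
} | Format-List
```

SecurityProducts lists whatever is registered with Windows Security Center, which can include the built-in Windows Defender entry.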
Registration process outline
- You may register external, non-domain-joined devices in Azure Intune with a work or school account.
- Update Windows 10 to the latest version before MDM registration.
- You can enroll the device automatically in an MDM using Group Policy if the machine is domain joined and registered in AAD.
Registration steps for Windows 10 PC
- Navigation: Type Settings in the search box -> Accounts -> Access work or school
- See the screenshot below:
- Select “Enroll only in Device Management”, as in the screenshot below, and provide your work or school account credentials.
- Now you can check the enrollment status of your device.
- Your device is registered with MDM if all the icons in Windows Defender Security Center are green, as in the screenshot below.
- You must check in the company Azure portal whether the device status is Compliant with MDM. If the device is shown as compliant, it has been successfully registered in Azure Intune.
How do you know if it has worked?
- Go to Windows Settings, as in the screenshot below
- Navigate to Accounts -> Access work or school; you should see “Connected to company MDM”
- Click on Info to get the full information about the device registration, similar to the screenshot below
- Check the following parameters:
- Last Attempt Sync should be successful.
- Exchange ID should not be blank.
- You can create an Advanced Diagnostic Report to check the device status.
- You must check in the Azure portal whether the device is Compliant. If the device is shown as compliant, it has been successfully registered in Azure Intune.
I have enrolled a 1703 device also. You have put the requirement as 1709 or above.