Enroll Windows 10 device in Microsoft Intune, Bring Your Own Device (BYOD)

Video Statistics and Information

Captions
Hi guys, I hope you all are doing well, and welcome to Office 365 Concepts. This is the seventh video of the Microsoft Intune series. In the last video we enrolled a corporate-owned Windows 10 machine using the self-enrollment method. In this particular video I will demonstrate to you how to enroll a personally owned Windows 10 machine to Microsoft Intune. We will learn how to check the status of the enrolled device, how to sync a device manually from Endpoint Manager and from the device itself, and how to collect logs to troubleshoot a device enrollment failure.

As we discussed in the previous session, the personally owned device is where you log in with your personal credentials, where you use your personal account and password to log into the machine; that is the personally owned device. This is a Windows 10 machine where I'm logged in with a personal account. This machine is hosted on VMware Workstation, and I will be using this machine for this particular demo.

So let's go to Endpoint Manager. I already have a user account created in Azure Active Directory with the name John Smith, and this account has a Microsoft Intune license assigned. So this user has an Enterprise Mobility and Security E5 license, and this particular license has the Intune plan included. So I will be using this particular account to enroll a personal Windows 10 device.

We will also create a compliance policy and a configuration profile, and we will apply these two policies only on the personal devices. So for this we will create a security group: New group, give it a name, let's give it a name like Personal Windows Devices, and under Membership type we will select Dynamic Device. Go to Add dynamic query. Now, as I said, we will create a compliance policy and a configuration profile, and we will apply these two policies only on the personally owned Windows devices, so for this we will create a condition. The first condition will be device ownership: device ownership equals Personal. And we will add one more condition: And, device operating system type equals Windows. So this means any device that has the operating system Windows and the device ownership of that device is Personal.

When you go to Endpoint Manager, in Devices, Windows: in the last session we enrolled a corporate-owned device, and under Ownership it says Corporate. But when you enroll a personally owned device, no matter whether you are enrolling Windows, iOS or Android, under Ownership it will show Personal. So here in the group we are defining that device ownership equals Personal and device operating system equals Windows, so any device that has the Windows operating system and is personally owned, that particular device will be added in this group. So create this query, click Save, and create the group. So the Personal Windows Devices security group is created.

Now let's go back to Endpoint Manager, and we will go to Devices, Windows devices, and we will click Compliance policies, because we will create a compliance policy for Windows devices. So click Compliance policies, click Create policy, select platform Windows 10 and later, click Create, and here we will give it a name, Personal Windows Devices. Next. Now here you can go through these settings; you can select any setting as per your requirement, as per your organization's security requirements. We have discussed how a compliance policy works; if you have missed that video, you can go through this series and you will be able to understand how a compliance policy works. So for this particular demo I'll select very basic options like Firewall and Antivirus. Click Next. Now, under Actions for noncompliance, I'll go with the default, which says: if a particular device doesn't meet these two requirements, firewall and antivirus, the ones that we configured, these two conditions, if any device doesn't meet these conditions, then mark that device as non-compliant in Microsoft Intune. If you want to change the rule, you can select any other rule as well from here. Click Next. Under Assignments we will add the security group that we just created, so the name is Personal Windows Devices. Select the group; this is added. Click Next, review the changes and click Create. So we have created a compliance policy for personal Windows devices.

Now we will again go to Devices, Windows, and now we will click Configuration profiles, Create profile, select platform Windows 10 and later. Under Profile type we will select Templates, and here we will select, let's select Device restrictions. Click Create, give it a name, Personal Windows Devices, click Next. And here again you can check these settings; you can select any setting as per your requirement that you want to enforce on the device. I'll select General settings, and under General I'll disable OneDrive file sync and I'll disable removable storage. So click Next. Under Assignments we are going to add the same group for personal Windows devices. Select, click Next; no changes required here. Review the changes; if you want to make any other changes, you can go back and select the settings again and go Next, Next, Next, and click Create. So this is how you can create a configuration profile. Now if we go back to the group, as of now we will not see any device or any member in this group, because we haven't enrolled the device yet.

So now let's go back to the machine and let's enroll this Windows device to Intune. Since this is a personal device, we will be registering this device with Azure AD. So we will go to Settings, and under Settings we will go to Accounts, go to Access work or school, click Connect. If you want to join a particular device with Azure AD, you will select this option, Join this device to Azure Active Directory. If you want to join a machine with a local AD domain, your on-premises Active Directory domain, in that case you will select this option, Join this device to a local Active Directory domain. And if you want to register the device with Azure AD, you will type your email address here. And if you are enrolling this device to Intune, make sure that particular account has an Intune-supported license assigned. So I will be using here John at office365concepts.com. Enter the password. We can see the terms and conditions that we created in our tenant, and here we can see the option to accept or decline. If I click Decline, I will not be able to proceed with the enrollment, so we will select Accept. Let's click Next. So now this is asking me to add an authentication method, and this will ask me to create a PIN. So let me scan this QR code, click Next, click Done. So it says: you are all set, we have added your account successfully, you now have access to your organization's apps and services. Click Done, and here we can see the account is added.

Now, as we discussed in the previous session, when you register or join a device to Azure AD you see Disconnect, but when a device is enrolled with Intune you will see an Info button also. Under Info you will find the information related to the sync, and you can create a report as well; we will discuss this later. Let's go back.

Now let's go to Endpoint Manager and Azure Active Directory as well, and let's verify if this device is showing here or not. Let me close this window. Go to Azure Active Directory, go to Devices, All devices, and here we can see one device is registered and the owner is John Smith. MDM is Microsoft Intune; that means we are managing this device with the help of Microsoft Intune. This device is compliant as per the security requirements that we defined in the compliance policy. If you want to check the attributes of this device, you can click on the device and you can check the attributes from here.

And now let's go back to the device and let's verify the enrollment status. So let's go to Command Prompt, and here let me maximize this and increase the font. So here we will run dsregcmd /status, hit Enter. So here we can see Azure AD joined is set to NO, because we have registered this device to Azure AD, so it should say workplace joined YES. This indicates this device is registered with Azure AD. And we should see the MDM URL as well, so here you can see the workplace MDM URL, which is your Intune server.

So let's verify in the Microsoft Intune portal, or the Endpoint Manager portal. Go to Devices, Windows, Windows devices, and here we can see this personal device; Ownership says Personal. So this personal device has been enrolled in Microsoft Intune, and this device is compliant. If you want to check the properties, you can click on the device. If you want to sync the device with Endpoint Manager, let's say if an administrator has created a new profile or a new policy within Endpoint Manager and you want to force those policies or the applications to the device, you can click Sync, click Yes, and this particular device will sync with Endpoint Manager. And for the rest you can see the properties here: serial number, device ownership Personal, owner of the device, and whether it is compliant or not, operating system, device model. It says VMware because this particular device is hosted on VMware Workstation.

And now let's verify if this particular device is added within the security group that we created. So let's go to Groups and go to Personal Windows Devices, go to Members, and here we can see this device is added as a member of this group.

Now let's go back to the machine, and let me show you how to collect logs if you are facing any issues with device enrollment or with syncing the device. So let me show you from the beginning. Let me close this window, minimize the Command Prompt. You will go to Settings, under Settings you will go to Accounts, Access work or school, and you will click the email address that you used to register this device. Here you will see Info; click on Info. From here you can sync this device with Endpoint Manager. Like I have demonstrated to you, you can synchronize or push the changes from Endpoint Manager by clicking on Sync; in the same way, if you want to synchronize a device with Endpoint Manager for the latest updates, you can click on Sync, and this device will sync with Endpoint Manager. Here you can see the sync progress and the date and time when the last sync was initiated.

Under Advanced Diagnostic Report you will see Create report. Click on this and it will generate a report in this location, C:\Users\Public\Documents\MDMDiagnostics. Click on Export, and let's go to this location, that is C:\Users\Public\Documents\MDMDiagnostics. So here you can see this file. You can open this file with the browser, and here you can see all the details of this device along with the configuration and the policies that are enforced on this particular device. You'll find all the settings of the device in this particular file.

Apart from this file, let me minimize this, apart from this you can go to Event Viewer, and in Event Viewer expand Applications and Services Logs, expand Microsoft, expand Windows, and here you will look for device management. Let me expand it: DeviceManagement-Enterprise-Diagnostics-Provider. Expand this, click on the Admin logs, and here you will see all the logs related to device management. If you want, you can go through these logs, and if you want to share these logs with the administrator or the IT department for further investigation or troubleshooting of the device enrollment failure, or any issue related to the sync, or a profile not getting configured, policies not getting pushed, you'll find all the logs here.

Apart from these logs, you can run a command in Command Prompt, that is mdmdiagnosticstool -out, and here you will type the location where you want to create this particular file. So under the C drive there will be a folder created with the name MDM, and all the diagnostic logs will be exported to this folder. Hit Enter. So let's go to the C drive; here we can see the MDM folder, and here you will see all the MDM logs or Intune logs in this particular folder. So you can go through these logs for further investigation.

And one thing I missed showing you: the compliance policy and the configuration policy that we applied. So go to Devices, Windows, Windows devices, the personal device, click on the device, and here you will click Device compliance. So here we can see Personal Windows Devices; this compliance policy is applied on this particular machine, and these are the two options that we enabled within this compliance policy, antivirus and firewall. So this device is compliant because antivirus and firewall are both enabled on this particular machine. In the same way you can check Device configuration; here we can see the Personal Windows Devices configuration profile is applied on this machine, and we disabled OneDrive file sync and removable storage in this particular profile, so these two are applied on the machine.

So we have discussed how to enroll a corporate-owned and a personally owned Windows device to Intune. Now there is one more way to enroll Windows devices to Intune, and that is using Company Portal. We will cover this enrollment method in the next video, and we will enroll a Windows 11 device using Company Portal. So this is how you enroll a personally owned Windows device to Microsoft Intune. In the next video we will learn how to enroll Windows 11 devices to Microsoft Intune using the Company Portal app. So if you have learned something new from this particular video, please write in the comments and subscribe to the channel. Thank you guys, thank you for your time, take care.
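
The dsregcmd /status check described in the captions above, scripted as an added example (not code from the video or from Microsoft). Get-DsregState is a hypothetical helper name, the sample output and its URL are constructed placeholders, and the field names are assumed to be those dsregcmd prints on current Windows 10 builds.

```powershell
# Added example: classify join state from `dsregcmd /status` text.
# Get-DsregState is a hypothetical helper name, not a built-in cmdlet.
function Get-DsregState {
    param([Parameter(Mandatory)][string[]]$Lines)

    # dsregcmd prints "Name : Value" pairs; keep the first value seen per name.
    $fields = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*?)\s*$' -and
            -not $fields.ContainsKey($Matches[1])) {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aadJoined    = $fields['AzureAdJoined']   -eq 'YES'
    $domainJoined = $fields['DomainJoined']    -eq 'YES'
    $registered   = $fields['WorkplaceJoined'] -eq 'YES'

    if ($aadJoined -and $domainJoined) {
        $state = 'Hybrid Azure AD joined'
    } elseif ($aadJoined) {
        $state = 'Azure AD joined'
    } elseif ($registered) {
        $state = 'Azure AD registered (personal/BYOD)'
    } else {
        $state = 'Not joined or registered'
    }

    # An MDM URL on the work account shows which MDM service the registration points at.
    [pscustomobject]@{
        State         = $state
        MdmUrl        = $fields['WorkplaceMdmUrl']
        MdmUrlPresent = -not [string]::IsNullOrWhiteSpace($fields['WorkplaceMdmUrl'])
    }
}

# Constructed sample (not captured from a real device); the URL is a placeholder.
$sample = @'
             AzureAdJoined : NO
              DomainJoined : NO
           WorkplaceJoined : YES
           WorkplaceMdmUrl : https://mdm.example.invalid/enrollmentserver/discovery.svc
'@ -split "`r?`n"

Get-DsregState -Lines $sample
# On a live device: Get-DsregState -Lines (dsregcmd /status)
```

For a personally owned device registered as in the demo, the expected classification is the registered (BYOD) state with an MDM URL present; a missing MDM URL on a registered device means the work account was added without MDM enrollment.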
Info
Channel: Office365Concepts
Views: 8,810
Keywords: Corporate-owned windows 10, Enroll windows 10 device intune, bring your own device, byod, enroll byod windows device to intune, enroll personal devices to intune, intune training series, microsoft intune for beginners, microsoft intune training, office365concepts, intune tutorial for beginners, enroll personal device intune, enroll personal, enroll personal windows 10, enroll personal windows 10 intune, bring your own device (byod), office 365 concepts, what is microsoft intune
Id: tHK9dKf5foU
Length: 19min 46sec (1186 seconds)
Published: Tue Apr 11 2023