Enroll Windows 11 Devices in Intune using Company Portal App

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi guys I hope you all are doing well and welcome to Office 365 Concepts this is the eighth video of Microsoft InTune series in the last video we enrolled Windows 10 personally on machine to Microsoft InTune in this particular video we will learn how to enroll Windows 11 device to Microsoft in tune using company Portal app we will also learn how to check status of Windows 11 device post enrollment how to synchronize device with endpoint manager and how to collect logs to troubleshoot device enrollment issues when we enroll Windows 11 machine using company portal app that device is enrolled as a personal device in Microsoft endpoint manager that means when you will go to devices windows so that particular device will reflect as personal under ownership also that device will be added to Azure active directory as Azure ad registered device in Azure active directory I already have couple of users who have Microsoft engine license assigned for example I have John Smith and Bob Ross and this particular account has Mobility Enterprise Mobility Plus security E5 license assigned and this particular license has Microsoft engine plan one integrated so I will be using Bob Ross account to enroll Windows 11 machine using company Portal app and in the previous session we created compliance policy and configuration policy for personal Windows device so we will be using the same compliance policy this one personal Windows devices and this particular policy is enforced on this Security Group personal Windows devices so if you go to Azure ad groups and here is the group personal Windows devices go to Dynamic membership rule this rule says if the device ownership is personal and device operating system is Windows that particular device will be added within this Security Group so this particular compliance policy is enforced on this group and same way in previous session we created configuration profile for personal device and that is personal Windows devices configuration profile in this profile as well we have a security group added this one personal Windows device is same group that I have shown you here this one so we are going to use these two policies compliance policy and configuration profile so let's go to Windows 11 machine this is the machine that I will be using in this particular demo this Windows 11 machine is hosted on VMware Workstation instead of using company Portal app there are other ways as well that you can use to enroll a Windows 11 device let me show you those ways as well you will go to settings in settings go to accounts under accounts go to access work or school now if you are going to register a personal Windows 11 device or you are going to enroll a personal Windows 11 device you will click connect and here you will type the email address and the password of azure ready account that has Microsoft engine supported license assigned and if this is a corporate on Windows 11 device you will click this option join this device to Azure active directory if you want to join this device with your on-premise ad domain you will select this option join this device to a local active directory domain now let's say this device is already registered or joined with Azure active directory but now you want to enroll this device to Microsoft InTune so make sure first that account that you're going to use has Microsoft intern license assigned and then you will click enroll only in device management here you will type the email address and the password of that account and this device will be enrolled to Microsoft InTune but for this particular demo we are going to use company Portal app to enroll this Windows 11 personal device because in previous two sessions we have already discussed how to enroll a corporate on and personally on Windows 10 machine so to enroll a Windows 11 device using company portal app we need to download first company Portal app from Microsoft store so we'll go to Microsoft store in search section we will type company portal select this option so this is the app that we need to download first so we will click install so once this application is installed open the application let me maximize the screen now here we will use the email address and the password of azure ready account that has Microsoft InTune supported license assigned so for this demo I'm going to use Bob Ross account that is Bob at office 365concepts.com next enter the password and click ok so this is asking me to approve the sign in because in one of the previous videos when we enrolled a corporate on Windows 10 machine I added Bob at Office 365 concepts.com in my authenticator app so I will approve the sign in so it says you are all set we have added your account successfully you now have access to your organization's apps and services click done now here we can see two device categories if you are following this series from the beginning in one of the previous sessions we created device categories we created two categories one sales and one HR so let's say this particular user who is using or who is enrolling this device to InTune that particular user belongs to sales department of my company so he will select sales and he will select done now what will happen we have created a security group in Azure ad and we have created a condition in that group let me show you let's go to Azure ad and let me close this we can see groups here so this is the group devices sales team if you go to Dynamic membership role it says if device category equals sales that means when I'll enroll a device and if I'll select sales category sales category while enrolling the device that particular device will automatically be added within this group this one device is sales team so this is the purpose of creating a device category so that you can segment your devices as per your departments so let's go back to machine so this is enrolled now this machine is enrolled with Microsoft InTune now when you enroll a device using company portal you can manage multiple options using company portal itself for example if you go to apps from here you can install the applications those are enforced or added by an administrator in endpoint manager you will talk about applications later but from here also you can manage the applications provided administrator has enforced those applications on your machine apart from this if you want to sync your device you can sync it from settings in company portal you will go to settings you will click sync and from here this machine will sync with endpoint manager and it will fetch the recent updates those are updated by an admin on the endpoint manager apart from this you can select the theme and there are other details as well now if you go back to settings here under accounts access workout school we can see this account is added here now as we discussed in one of the previous sessions if you see only disconnect option that means either this device is registered with Azure ID or it is joined with Azure ID but if you see info option also that means this device or this machine is enrolled to Microsoft in tune so if you see info that means this particular machine is enrolled to InTune now if you go to info like you can see the options in Windows 10 same way you can sync device from here with endpoint manager if you want to create a diagnostic report you can click create report and this report will be created here C drive users public documents MDM Diagnostics click export go to C drive let's go to C drive in C drive you will go to users public documents MDM Diagnostics and here you can see this report so you can open this report with a browser and you can go through this report you will find lots of information here related to the device configuration and the MDM enrollment apart from this report let's verify the device status in command prompt let me maximize this so let's run d s r e g CMD slash status now this device is not joined with Azure ID this is not joined with on-premise ad but it should say workplace joint it says yes that means this device is registered with Azure ad and we can see workplace MDM URL as well so this means this device is enrolled with Microsoft InTune now let's go to Azure active directory first let's verify if this device is added within the groups Let me refresh the page so first let's verify the category this is the group where we have added the category sales go to members we can see this device is added here the display name is dq0 let's verify once go to command prompt type hostname this is the same dq0 so this device is added as per the sales category and let's verify the other group personal Windows devices members it's added here as well dq0 now go to Microsoft in tune portal or endpoint manager portal go to devices windows between those devices and here we can see this device is enrolled it's compliant and ownership says personal let's verify in Azure ID under devices we should see this device as registered with Azure ad so go to devices all devices and here we can see q0 Azure ad registered honor is Bob Ross MDM Microsoft InTune that means this device is enrolled with Microsoft InTune and we are using Microsoft InTune to manage this device it says compliant and if you want to check more attributes you can click on the device and from here you can check the attributes apart from this in Microsoft endpoint manager let's click on the device now if you want to synchronize this device from endpoint manager you will click sync click yes now this device will sync with endpoint manager so that means if you run sync from device in that case it's a pull action but when you sync a device from endpoint manager then it is push action that means from endpoint manager you are pushing the policies and from machine you are pulling the policies those are configured in endpoint manager and let's check the device compliance policies and we can see here personal Windows devices is applied configuration profile it's not synced yet so we might have to wait for some time but in couple of minutes it will reflect here so we can see everything is working fine and we have successfully enrolled a Windows 11 device using company portal in the next video we will learn how to enroll hybrid Azure ad joint devices to Microsoft InTune so if you have learned something new from this particular video please write in comments and subscribe to the channel thank you guys thank you for your time take care

Info

Channel: Office365Concepts

Views: 9,041

Rating: undefined out of 5

Keywords: Company portal app intune, office 365 concepts, windows 11, intune, how to enroll a windows device in intune, intune enrollment methods for windows devices, set up enrollment for windows devices, Enroll Windows 11 Devices in Intune, company portal app intune, enroll windows 11 intune, enroll windows 11 device, enroll windows 11 in azure ad, enroll windows 11 intune manually, windows 11 enroll intune, windows 11 enroll only in device management, company portal app intune not

Id: 4gF4g8wJvsA

Channel Id: undefined

Length: 14min 52sec (892 seconds)

Published: Thu Apr 13 2023