10 Ways To Enroll Windows 10 Into Intune

Sometimes, a picture tells a thousand words.

In this case, the above graphic illustrates ten different ways to enroll a Windows 10 device into Intune, Microsoft's Cloud MDM and it's probably reasonably safe to assume there could be 100 words to describe each of the ten methods, so 1000 words seems about right for the above image!

Read the full blog post here from Scott Duffey

I saw the above image and blog post on LinkedIn this morning and thought how applicable that is for the Education sector, where there are many permutations on how devices end up on a school network and varying levels of management applied to each. Schools, perhaps more than almost any other sector, have huge levels of BYOD (Bring Your Own Device), mixed in with school owned/leased devices and mixtures of platforms (Win10, MacOS, iOS, ChromeOS, Android).

Schools also have various stakeholders: Teachers, Administrators, Students, Board of Governors, Parents, Visitors. Most of those stakeholders have varying levels of expectations that they can bring a device and get access to the WiFi network. While not all of these devices will be enrolled and managed in Intune, it's important school IT administrators and IT partners understand that there are many ways to achieve this management and many 'entry points' into Intune as well. The blog post covers the current ten methods of:

1. Scenario 1: Add work or school Account (User Driven)
2. Scenario 2: Modern App Sign-in (User Driven)
3. Scenario 3: Enrol in MDM Only (User Driven)
4. Scenario 4: Azure AD Join (OOBE)
5. Scenario 5: Azure AD Join (AutoPilot)
6. Scenario 6: Enrol in MDM Only (Device Enrollment Manager)
7. Scenario 7: Azure AD Device Registration + Automatic Enrolment Group Policy Object
8. Scenario 8: SCCM Co-Management
9. Scenario 9: Azure AD Join (Bulk Enrolment)
10. Scenario 10: Azure AD Join (AutoPilot Self Deploying Mode)

The original blog post includes links to documentation for each of the above methods which is worth reading up on if they're new to you. #10 was definitely new to me and I can see a lot of application for that in school environments where you wish to rapidly and securely deploy kiosk style devices:

[caption id="attachment_5215" align="alignnone" width="894"] Still in preview, the Autopilot for Kiosk devices offers the most streamlined setup of any of the above 10, the device is AzureAD joined and enrolled into Intune with no user interaction at all[/caption]

Autopilot Kiosk Deployment relies on configuration inside of Intune:

My Perspective:

It's obvious to all that each successive release of Windows 10 has more MDM hooks and greater control via Intune. Understanding the correct pathways to enroll a device into Intune is important and there is now a wide range of options depending on the type of user and who owns the device.

I was talking to a school in Australia last month where there is a lot of SCCM in large schools - scenario 8 deals with that perfectly. Similarly, in May/June of this year we did many "Trial in a Box" where we demo'ed scenarios #4 and #9 showcasing to schools the quickest way to get school owned/leased/managed devices enrolled and managed into Intune.

If you're responsible for managing Windows 10 devices in your organisation, spending some time reading the original blog post and associated documentation linked from it, would be time well spent.