**DISCLOSURE:** While I am contracted to Microsoft Corporation, I am not an employee. The articles that I write are not meant to represent the company, nor are they meant to represent me as an employee or spokesman for the company. As has always been the case, all articles on this website represent me and nobody else.
I have been discussing Windows Intune (now renamed Microsoft Endpoint Manager) for a decade now, and it is amazing how things have changed. Remember how simple it was to just download the Intune client and it automatically enrolled your devices to your tenant? It may be more complicated now… but that’s because it does so much more. For one thing, Endpoint Management relies on AzureAD membership (for Mobile Device Management (MDM), but not for Mobile Application Management (MAM)).
Before we go any further, there are two web portals you will need:
Azure Portal: https://portal.azure.com
Intune (MEM) Portal: https://endpoint.microsoft.com
So you joined your computer to AzureAD and realized that it is still not registered as an Intune-managed device? That is likely a simple configuration option. Let’s start here:
In the Microsoft Azure portal, navigate to Azure Active Directory. Once there, in the navigation pane, select Mobility (MDM and MAM).
In the Mobility (MDM and MAM) screen, ensure that both Microsoft Intune and Microsoft Intune Enrollment are added. If not, add them now.
Click the Microsoft Intune app. In the Configure screen, ensure the MDM user scope is either set to All, or if set to Some, that you select the group or groups that your Intune-licensed users are members of. Close the screen.
Click the Microsoft Intune Enrollment app. In the Configure screen, ensure the MDM user scope is either set to All, or if set to Some, that you select the group or groups that your Intune-licensed users are members of. Close the screen.
At this point, when a licensed user joins a computer to AzureAD, the computer will automatically become Intune-managed. Let’s go through that quickly.
First, let’s make sure that the PC in question is not currently Intune-managed:
I am looking for a computer called AZ-W10-2, which is clearly not listed.
1) Connect to the computer that is not AzureAD joined.
2) In the Settings window, search for (or navigate to) Access work or school.
3) In the Access work or school window, click +Connect.
4) In the Microsoft account screen, click Join this device to Azure Active Directory.
5) In the Let’s get you signed in screen, enter your AzureAD account then click Next.
6) In the Enter password screen, ensure that the logo (if any) is correct; enter your password and then click Sign in.
7) A window will pop up to make sure you are connecting to the right organization. Verify the information is correct, then click Join:
The wheels will spin for a few seconds to a few minutes (depending on a number of factors), but then a screen will appear that will say You’re all set!
At this point, you should be able to return to your Azure AD portal and see the following:
Our device is now AzureAD joined, and the MDM is Microsoft Intune. However, if you still have your doubts, you can also jump over to your Intune (MEM) portal and see this:
There you go. It is not magic, and there was no sleight of hand. If you don’t believe me, follow the steps above, and you too will have a newly-joined AzureAD device that is automatically Intune-administered!
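To confirm the result from the device itself rather than from the portals, the following PowerShell is an added example (not part of the original article). It classifies the output of `dsregcmd /status`. The function name `Get-JoinState` and the sample text are assumptions made for illustration, and the example treats an empty `MdmUrl` on a joined device as the sign that the user fell outside the MDM user scope configured above.

```powershell
# Added example: classify a device from `dsregcmd /status` output.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param([string[]]$StatusLines)

    # dsregcmd prints "Name : Value" pairs; collect them into a hashtable.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $joined = $fields['AzureAdJoined'] -eq 'YES'
    $mdmUrl = $fields['MdmUrl']

    if (-not $joined) {
        $state = 'NotJoined'        # device never completed the AzureAD join
    }
    elseif ([string]::IsNullOrWhiteSpace($mdmUrl)) {
        $state = 'JoinedNoMdm'      # joined, but no MDM enrollment URL was issued
    }
    else {
        $state = 'JoinedWithMdm'    # joined and pointed at an MDM service
    }

    [pscustomobject]@{
        State      = $state
        TenantName = $fields['TenantName']
        MdmUrl     = $mdmUrl
    }
}

# Constructed sample (not captured from a real device): joined, but MdmUrl is empty.
$sample = @'
      AzureAdJoined : YES
         TenantName : Contoso (placeholder)
             MdmUrl :
'@ -split "`r?`n"

Get-JoinState -StatusLines $sample

# On a real device, feed it the live output instead:
# Get-JoinState -StatusLines (dsregcmd /status)
```

A `JoinedNoMdm` result on a real device is the cue to re-check the MDM user scope on both the Microsoft Intune and Microsoft Intune Enrollment apps and the user's group membership.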