Hey everyone! I'm diving into Windows device management and administration, particularly focusing on Intune and Entra (Azure AD). I'm finding it a bit confusing with all the different names and services. Our goal is to onboard brand new or existing laptops that aren't linked to any domain—they're completely standalone. I'm looking for the best way to join these devices to Entra. I've researched command line options for remote enrollment, but it seems the only methods available are the Out-of-Box Experience (OOBE) or having users manually enroll through their settings. Is that the right approach? It feels odd that Microsoft doesn't provide a remote command line option for this. Also, I've stumbled upon the idea of using Autopilot with Intune. How does that all fit together? Does Autopilot configure the device to be joined to Entra and then managed by Intune?
1 Answer
That sounds about right! I wouldn’t get too caught up in Autopilot just yet. First, focus on getting all of your devices Entra-joined and Intune-enrolled. Once that’s done, work on making all devices compliant and think about a lifecycle management plan. After that, you can categorize devices into groups (like Marketing, Finance, IT, etc.). Don’t forget about dynamic groups—they can be really helpful later! Then you can set up application distribution through Intune and get into device configurations and scripts. Only after that should you tackle Autopilot. Honestly, you might end up wasting a lot of time trying to automate the joining process when informing users could be simpler, especially for those who might struggle.
That would have been my ideal path as well, but unfortunately, we have two strict constraints:

1. Users can't be asked to do any actions, and we need to manage it all remotely or log into their machines.
2. We can't reset these devices without losing user data.