Streamline Device Onboarding: Automatic Enrollment for Windows, iOS & Android in Intune

By /

How to Set Up Automatic Enrollment for Windows, iOS, and Android in Microsoft Intune

Automatic enrollment streamlines how devices join Microsoft Intune. As soon as users connect their Windows, iOS, or Android devices to Microsoft Entra ID, Intune takes over—deploying policies, apps, and security controls without extra steps. This guide shows you how to configure automatic enrollment for Windows and bulk enrollment for iOS and Android.

Prerequisites

Before you begin:

  • A valid Microsoft Intune subscription
  • Microsoft Entra ID Premium P1 or P2 licenses for enrolling users
  • Intune set as the MDM authority
  • Global Administrator permissions in Microsoft Entra ID
  • Devices must have internet access and correct system time

Part 1: Automatic Enrollment for Windows Devices

Why It Matters

Automatic Windows enrollment ensures corporate and personal devices receive management policies right after joining Entra ID. Users simply sign in, and Intune configures devices automatically.

Steps to Enable

  1. Sign in to the Intune Admin Center (https://intune.microsoft.com).
  2. In the left pane, select Devices > Device onboarding > Enrollment > Windows.
  3. Under Automatic Enrollment, choose MDM user scope:
    • None: No auto-enrollment
    • Some: Select specific Azure AD security groups
    • All: Every eligible user auto-enrolls
  4. Click Save.
  5. Leave the default MDM URLs unchanged unless your organization has custom MDM endpoints.

Test BYOD Enrollment

  1. On a Windows 10/11 PC, go to Settings > Accounts > Access work or school.
  2. Click Connect and enter your work or school email.
  3. The device will join Entra ID, auto-enroll in Intune, and begin receiving targeted policies and apps based on group membership.

Part 2: Bulk Enrollment for iOS and iPadOS

Automated Device Enrollment (ADE)

For corporate-owned Apple devices, ADE via Apple Business Manager (ABM) lets you pre-configure hundreds of iPhones and iPads to enroll automatically.

Requirements

  • Apple Business Manager account
  • Devices purchased through Apple or authorized resellers
  • Intune linked to ABM via an MDM server token

Setup Steps

  1. In the Intune portal, go to Devices > iOS/iPadOS > iOS enrollment > Enrollment Program Tokens. Upload your ABM MDM server token.
  2. In Apple Business Manager, assign devices to the Intune MDM server.
  3. Back in Intune, create an Enrollment Profile under iOS enrollment. Configure supervision, MDM lock, and user affinity.
  4. When users unbox their devices, ADE runs in Setup Assistant and enrolls them in Intune with no manual action.

Part 3: Bulk Enrollment for Android

Microsoft Intune supports multiple Android Enterprise enrollment methods based on corporate or shared-use scenarios.

Method 1: Fully Managed Devices

Ideal for corporate-owned Android devices where IT needs full control.

Requirements

  • Managed Google Play account linked to Intune
  • Android 8.0+ devices reset to factory settings

Setup Steps

  1. In Intune, navigate to Tenant administration > Connectors and tokens > Managed Google Play. Link your Managed Google Play account.
  2. Go to Devices > Android > Android enrollment > Corporate-owned, fully managed user devices. Create an Enrollment Profile.
  3. Choose an enrollment method: QR code, NFC, Zero-touch Provisioning (ZTP), or token-based.
  4. Provision devices by scanning the QR code or applying ZTP. Devices enroll automatically and receive policies.

Method 2: Corporate-Owned Work Profile (COPE)

For corporate devices that also allow limited personal use.

  • Setup similar to Fully Managed, but the profile creates a managed work container separate from personal apps.

Method 3: Dedicated Devices

For kiosk, retail, or education scenarios requiring single-purpose devices.

  • Use QR code or ZTP with a dedicated, locked-down profile and no user affinity.

Testing and Validation

  • Create pilot groups of users or devices.
  • Enroll test devices and monitor their status in Intune Admin Center > Devices > All devices.
  • Verify compliance policies apply and apps deploy correctly.
  • Use Intune’s Enrollment Status Page and Device Compliance Reports for detailed diagnostics.

Additional Resources

  • Enable automatic enrollment: Microsoft Learn
  • Windows device enrollment guide: Microsoft Learn
  • iOS ADE enrollment: Microsoft Learn
  • Android fully managed enrollment: Microsoft Learn
  • Android COPE enrollment: Microsoft Learn
  • Android kiosk enrollment: Microsoft Learn

By configuring automatic and bulk enrollment, you’ll deliver a seamless onboarding experience, ensure devices remain compliant, and enforce security policies from day one—whether users are on Windows, iOS, or Android.

LinkedInCopyPinterestRedditTelegram

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by
Scroll to Top