Automatically deploy Intune PC Client for Azure AD joined computers
Not entirely sure if this belongs here, or in Azure AD, however....
From reading the documentation, it appears that for Windows 10 Enterprise PCs, they can be managed automatically upon joining the Azure AD domain as mobile devices only.
For corporate issued PCs, it would aid SMBs greatly if adding the Intune PC Client can be done automatically upon joining the PC to Azure AD. This would lower IT department's involvement in issuing new devices, so that company administration could just buy (for example) a Surface Pro and hand it to a new employee, along with the Azure AD/Office 365 credentials.
Aaron Marks commented
Agree with James... we really need all the PC-enrolled functionality from the classic Intune to be rolled over to Azure AD joined devices. It would be great if we got all of this (and more) without the need for an agent.
Tim Wootton commented
How about Intune actually recognising Azure AD connected PCs, or even better if we deploy an Azure AD Virtual machine to do Group Policy management in Azure AAD, allow us to use this (with the full Intune agent installed on the PC) to deploy Group Policy settings to Azure AD connected devices. The Intune Windows management capabilities are woefully lacking.
James Schwarzmeier commented
Or even better...let us manage all Azure AD-joined computers AS computers without the need for a separately installed client.
You have all my votes. Wow, this request dates back to August 2015... @Microsoft: Are you actually still developing Intune? We have just started contracting EMS and you are squeezing a **** lot of money for a product that doesn't address such salient cases within more than 18 months...
Alan Dooley commented
The main reason people want the Intune agent over using MDM is the greater flexibility in running MSI with transforms/msp patches or .exe. If this was supported via MSN then needing the client would be less relevant.
Microsoft should just start including some form of Intune connector pre-installed in Win 10 ENT. If they want to push it as a management option, have it already on PCs and ready to go.
Better if the client isn't needed, but currently it is. It's bonkers that this is released as anything other than beta.
This provides some useful insight - https://social.technet.microsoft.com/Forums/en-US/71c182a7-3509-48cd-bfb8-3ac23d8dbf5a/maddening-windows-10-and-intune-problem?forum=microsoftintuneprod#73091780-a12d-4630-b38d-126bfe863c93. (Now over 12 months old at the time of posting this).
Chris Mills commented
Only in early test phase at the moment but we've had some success with this:
Has anyone found a solution for this yet?
Jan Ketil Skanke commented
The MDM API gives you even more flexibility for management. All the policies, certificate distribution, Wi-Fi setup, conditional access and then some are not available if you are using the Intune legacy agent instead of managing Windows 10 through the MDM Channel.
I suggest you all read up on what you get by doing this, you really don't need the agent.
Nima Gharib commented
I just tried Peter's link, and you're right "Anonymous". It just deploys the Company Portal through Windows Store.
Pretty useless not being able to install the full client on a Windows 10 device automatically. Why would anyone ever want to manage a computer as a mobile device? What are the gains?
Peter, this doesn't fix the issue as far as I can see. That's deploying Windows Store apps, not the Intune client?
Peter Selch Dahl commented
I think they fixed your request with this update:
/Peter Selch Dahl
The Intune client installation doesn't work automatically:
So please vote for this "idea"!!
Nigel Clark commented
Likewise.. Having just bought into the EMS suite expecting to be able to join Windows 10 PCs using Azure AD and manage them fully within Intune, I feel disappointed that having been sold this product as an Enterprise solution, it falls quite short of my expectation.
My biggest frustration is the end user's experience with the Intune client, i.e. Office 365 does not pass through the sign-on due to the fact the PC is not a member of the Azure AD. In my experience, SSO has become an expectation these days with users so I'd be glad to see this fixed asap.
Steven DeQuincey commented
We are in the same position, but the client's 1000k client limit is a problem for us, so we're looking at MDM managed. I think more and more features of the Win 10 MDM platform will be developed, and Intune capability to manage them built. It's just taking time :(
Kaj Niemi commented
Actually, having gone through this myself with MS support, you kind of have to choose:
1. MDM and configuration policies (password complexity, etc. etc.)
2. Intune client, visibility into endpoint protection & all that
It does not seem like you could get both at the same time. It was kind of hinted that with the Intune client you should apply policies via other means (= GPO) but it's not very cloudy to do so, is it ;-)
After doing an Azure AD join and the configuration sets the Windows 10 to register in Intune, it registers as a mobile device.
If the full features for managing the Windows 10 are wanted we need the Intune Agent installed.
Please make an option in the client install to take over the MDM management.
Actually Claus, this does not deploy the Intune PC Client. This only enrolls the Windows 10 device as a Mobile Device, which has a very limited subset of the full device management options available.
Claus Nielsen commented