Automatically deploy Intune PC Client for Azure AD joined computers
Not entirely sure if this belongs here, or in Azure AD, however....
From reading the documentation, it appears that the for Windows 10 Enterprise PCs, they can be managed automatically upon joining the Azure AD domain as mobile devices only.
For corporate issued PCs, it would aid SMBs greatly if adding the Intune PC Client can be done automatically upon joining the PC to Azure AD. This would lower IT department's involvement in issuing new devices, so that company administration could just buy (for example) a Surface Pro and hand it to a new employee, along with the Azure AD/Office 365 credentials.
Finally ready to chew on BYOD but we need a actual easy way to deploy our things which includes intune please fix
Craig Debbo commented
We use Azure intune. We can't do an intune join unless our PCs are in-joined from their on-prem AD domain. So, we unjoin our local domain, enroll in inTune with a enrollment management account, then re-join our local domain.
We already have the settings to 'auto' join AAD. Would be nice if there was an extra step where the PC just auto-joined inTune too (while being locally joined to AD)
Screwy or broken? Anyways, please streamline this whole process. By comparison, iOS devices are enrolled when we order from Apple, and Chromebooks are enrolled immediately after we hit some key combo and log in with a google domain account.
Mark ter Weele commented
We want also automatically deploy Intune Client for computers who joining to Azure AD. Is there already a solution? It's a must have in our organization.
Aaron Marks commented
Agree with James... we really need all the PC-enrolled functionality from the classic Intune to be rolled over to Azure AD joined devices. It would be great if we got all of this (and more) without the need for an agent.
Tim Wootton commented
How about intune actually recognising Azure AD connected PC's, or even better if we deploy an Azure AD Virtual machine to do Group Policy management in Azure AAD, allow us to use this (with the full intune agent installed on the pc) to deploy Group Policy settings to Azure AD connected devices. The Intune Windows management capabilities are woefully lacking.
James Schwarzmeier commented
Or even better...let us manage all Azure AD-joined computers AS computers without the need for a separately installed client.
You have all my votes. Wow, this request dates back to August 2015... @Microsoft: Are you actually still developing Intune? We have just started contracting EMS and you are squeezing a **** lot of money for a product that doesn't address such salient cases within more than 18 months...
Alan Dooley commented
The main reason people want the Intune agent over using MDM is the greater flexibility in running MSI with transforms/msp patches or .Exe. if this was supported via MSN then needing the client would be less relevant.
Microsoft should just start including some form of Intune connector pre-installed in Win 10 ENT. If they want to push it as a management option, have it already on PCs and ready to go.
Better if the client isn't needed, but currently it is. It's bonkers that this is released as anything other than beta.
This provides some useful insight - https://social.technet.microsoft.com/Forums/en-US/71c182a7-3509-48cd-bfb8-3ac23d8dbf5a/maddening-windows-10-and-intune-problem?forum=microsoftintuneprod#73091780-a12d-4630-b38d-126bfe863c93. (Now over 12 months old at the time of posting this).
Chris Mills commented
Only in early test phase at the moment but we've had some success with this:
Has anyone found a solution for this yet?
Jan Ketil Skanke commented
The MDM API gives you even more flexibility for management. All the policies, certficate distribution, wifi setup, conditional access and then some is not available if you are using the Intune legacy agent insted of managing Windows 10 through the MDM Channel.
I suggest you all read up on what you get by doing this, you really dont need the agent.
Nima Gharib commented
I just tried Peter's link, and you're right "Anonymous". It just deploys the Company Portal through Windows Store.
Pretty useless not being able to install the full client on a Windows 10 device automatically. Why would anyone ever want to manage a computer as a mobile device. What are the gains.
J Crowley commented
Peter, this doesn't fix the issue as far as I can see. That's deploying Windows Store apps, not the InTune client?
Peter Selch Dahl commented
I think they fixed your request with this update:
/Peter Selch Dahl
The Intune client installation doesn't work automatically:
So please vote for this "idea"!!
Nigel Clark commented
Likewise.. Having just bought into the EMS suite expecting to be able to join windows 10 pc's using Azure AD and manage them fully within Intune, I feel disappointed that having been sold this product as an Enterprise solution, it falls quite short of my expectation.
My biggest frustration is the end users experience with the Intune client i.e. Office 365 does not passthrough the sign on due to the fact the pc is not a member of the Azure AD. In my experience, SSO has become an expectation these days with users so i'd be glad to see this fixed asap.
Steven DeQuincey commented
We are in the same position, but the clients 1000k client limit is a problem for us, so we're looking at MDM managed. I think more and more feature of the Win 10 MDM platform will be developed, and inTune capability to manage them built. It's just taking time :(
Kaj Niemi commented
Actually, having gone this through myself with MS support, you kind of have to choose:
1. MDM and configuration policies (password complexity, etc. etc.)
2. intune client, visibility into endpoint protection & all that
It does not seem like you could get both at the same time. It was kind of hinted that with the intune client you should apply policies via other means (= GPO) but it's not very cloudy to do so, is it ;-)