Microsoft

Microsoft Intune Feedback

How can we improve Microsoft Intune

Automatically deploy Intune PC Client for Azure AD joined computers

Not entirely sure if this belongs here, or in Azure AD, however....

From reading the documentation, it appears that for Windows 10 Enterprise PCs, they can be managed automatically upon joining the Azure AD domain as mobile devices only.

For corporate-issued PCs, it would aid SMBs greatly if adding the Intune PC Client could be done automatically upon joining the PC to Azure AD. This would lower the IT department's involvement in issuing new devices, so that company administration could just buy (for example) a Surface Pro and hand it to a new employee, along with the Azure AD/Office 365 credentials.

470 votes
Shane Day shared this idea

    20 comments

      • Aaron Marks commented

        Agree with James... we really need all the PC-enrolled functionality from the classic Intune to be rolled over to Azure AD joined devices. It would be great if we got all of this (and more) without the need for an agent.

      • Tim Wootton commented

        How about Intune actually recognising Azure AD connected PCs, or even better, if we deploy an Azure AD Virtual machine to do Group Policy management in Azure AAD, allow us to use this (with the full Intune agent installed on the PC) to deploy Group Policy settings to Azure AD connected devices. The Intune Windows management capabilities are woefully lacking.

      • James Schwarzmeier commented

        Or even better...let us manage all Azure AD-joined computers AS computers without the need for a separately installed client.

      • Gabe commented

        You have all my votes. Wow, this request dates back to August 2015... @Microsoft: Are you actually still developing Intune? We have just started contracting EMS and you are squeezing a **** lot of money for a product that doesn't address such salient cases within more than 18 months...

      • Alan Dooley commented

        The main reason people want the Intune agent over using MDM is the greater flexibility in running MSI with transforms/MSP patches or .exe. If this was supported via MSN then needing the client would be less relevant.

      • Kellan commented

        Microsoft should just start including some form of Intune connector pre-installed in Win 10 ENT. If they want to push it as a management option, have it already on PCs and ready to go.

      • Mark commented

        Better if the client isn't needed, but currently it is. It's bonkers that this is released as anything other than beta.

        This provides some useful insight - https://social.technet.microsoft.com/Forums/en-US/71c182a7-3509-48cd-bfb8-3ac23d8dbf5a/maddening-windows-10-and-intune-problem?forum=microsoftintuneprod#73091780-a12d-4630-b38d-126bfe863c93. (Now over 12 months old at the time of posting this).

      • Jan Ketil Skanke commented

        The MDM API gives you even more flexibility for management. All the policies, certificate distribution, wifi setup, conditional access and then some are not available if you are using the Intune legacy agent instead of managing Windows 10 through the MDM Channel.
        I suggest you all read up on what you get by doing this; you really don't need the agent.

      • Nima Gharib commented

        I just tried Peter's link, and you're right "Anonymous". It just deploys the Company Portal through Windows Store.

        Pretty useless not being able to install the full client on a Windows 10 device automatically. Why would anyone ever want to manage a computer as a mobile device? What are the gains?

      • Anonymous commented

        Peter, this doesn't fix the issue as far as I can see. That's deploying Windows Store apps, not the Intune client?

      • Nigel Clark commented

        Likewise. Having just bought into the EMS suite expecting to be able to join Windows 10 PCs using Azure AD and manage them fully within Intune, I feel disappointed that having been sold this product as an Enterprise solution, it falls quite short of my expectation.

        My biggest frustration is the end user's experience with the Intune client, i.e. Office 365 does not pass through the sign-on due to the fact the PC is not a member of the Azure AD. In my experience, SSO has become an expectation these days with users so I'd be glad to see this fixed ASAP.

      • Steven DeQuincey commented

        We are in the same position, but the client's 1000k client limit is a problem for us, so we're looking at MDM managed. I think more and more features of the Win 10 MDM platform will be developed, and Intune capability to manage them built. It's just taking time :(

      • Kaj Niemi commented

        Actually, having gone through this myself with MS support, you kind of have to choose:

        1. MDM and configuration policies (password complexity, etc.)
        2. Intune client, visibility into endpoint protection & all that

        It does not seem like you could get both at the same time. It was kind of hinted that with the Intune client you should apply policies via other means (= GPO) but it's not very cloudy to do so, is it ;-)

      • Anders commented

        After doing an Azure AD join and the configuration sets the Windows 10 to register in Intune, it registers as a mobile device.

        If the full features for managing the Windows 10 is wanted we need the Intune Agent installed.

        Please make an option in the client install to take over the MDM management.

      • Jos commented

        Actually Claus, this does not deploy the Intune PC Client. This only enrolls the Windows 10 device as a Mobile Device, which has a very limited subset of the full device management options available.
