Automatically deploy Intune PC Client for Azure AD joined computers
Not entirely sure if this belongs here, or in Azure AD, however....
From reading the documentation, it appears that Windows 10 Enterprise PCs can be managed automatically upon joining the Azure AD domain as mobile devices only.
For corporate issued PCs, it would aid SMBs greatly if adding the Intune PC Client can be done automatically upon joining the PC to Azure AD. This would lower the IT department's involvement in issuing new devices, so that company administration could just buy (for example) a Surface Pro and hand it to a new employee, along with the Azure AD/Office 365 credentials.
On October 16, 2019, we announced that support for the Intune PC software client (PC agent) will end on October 15, 2020, along with the Silverlight-based Intune Classic console. You should plan to move to use the MDM channel to manage your Windows PCs as soon as possible. Learn more: https://aka.ms/intune_silverlight_console
Nigel Clark commented
Likewise. Having just bought into the EMS suite expecting to be able to join Windows 10 PCs using Azure AD and manage them fully within Intune, I feel disappointed that having been sold this product as an Enterprise solution, it falls quite short of my expectation.
My biggest frustration is the end user's experience with the Intune client, i.e. Office 365 does not pass through the sign-on due to the fact the PC is not a member of the Azure AD. In my experience, SSO has become an expectation these days with users, so I'd be glad to see this fixed ASAP.
Steven DeQuincey commented
We are in the same position, but the client's 1000k client limit is a problem for us, so we're looking at MDM managed. I think more and more features of the Win 10 MDM platform will be developed, and Intune capability to manage them built. It's just taking time :(
Kaj Niemi commented
Actually, having gone through this myself with MS support, you kind of have to choose:
1. MDM and configuration policies (password complexity, etc.)
2. Intune client, visibility into endpoint protection & all that
It does not seem like you could get both at the same time. It was kind of hinted that with the Intune client you should apply policies via other means (= GPO) but it's not very cloudy to do so, is it ;-)
After doing an Azure AD join, and the configuration sets the Windows 10 to register in Intune, it registers as a mobile device.
If the full features for managing the Windows 10 are wanted, we need the Intune Agent installed.
Please make an option in the client install to take over the MDM management.
Actually Claus, this does not deploy the Intune PC Client. This only enrolls the Windows 10 device as a Mobile Device, which has a very limited subset of the full device management options available.
Claus Nielsen commented