
Configuring Microsoft Intune for seamless workflows in hybrid workspaces


Establishing a seamless workflow in a hybrid environment is crucial for organizations looking to leverage the full potential of their IT infrastructure. One key tool that facilitates this process is Microsoft Intune, especially when integrated with Windows Autopilot. This combination enables organizations to set up Microsoft Entra hybrid joined devices efficiently. Let’s explore how to configure Intune in such environments, ensuring your devices are ready for deployment and management.

Understanding the prerequisites

Before diving into the setup process, it’s essential to ensure that Microsoft Entra hybrid join is properly configured. To verify that a device is registered, use the Get-MgDevice cmdlet. If Domain and Organizational Unit (OU)-based filtering is employed through Microsoft Entra Connect, confirm that the designated OU or container for Autopilot devices is included in the sync scope; otherwise the device object never reaches Microsoft Entra ID and Autopilot cannot complete the hybrid join.
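The registration check described above, as an added example that is not part of the original article. It assumes the Microsoft Graph PowerShell SDK (v2) is installed and that the device name `LAB-PC01` is a placeholder for your own device:

```powershell
# Added example (not from the original article): confirm that a device object
# exists in Microsoft Entra ID and that it is hybrid joined, not merely registered.
# Assumes the Microsoft.Graph PowerShell SDK v2; 'LAB-PC01' is a placeholder name.
Connect-MgGraph -Scopes "Device.Read.All" -NoWelcome

$deviceName = "LAB-PC01"   # placeholder: replace with the computer name under test
$devices = Get-MgDevice -Filter "displayName eq '$deviceName'" -All

if (-not $devices) {
    # A missing object usually means the OU is outside the Entra Connect sync scope.
    Write-Warning "No Entra device object named '$deviceName'. Check the Entra Connect OU filtering / sync scope."
    return
}

foreach ($d in $devices) {
    # TrustType values: 'ServerAd' = hybrid joined, 'AzureAd' = Entra joined,
    # 'Workplace' = Entra registered only. Autopilot hybrid join needs 'ServerAd'.
    [pscustomobject]@{
        DisplayName  = $d.DisplayName
        DeviceId     = $d.DeviceId
        TrustType    = $d.TrustType
        HybridJoined = ($d.TrustType -eq 'ServerAd')
        Enabled      = $d.AccountEnabled
        LastSignIn   = $d.ApproximateLastSignInDateTime
    }
}
```

A device that shows `TrustType = Workplace` or no object at all will not finish the Autopilot hybrid flow, so resolve that before creating Autopilot profiles.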

Device Enrollment Requirements: To enroll a device, certain conditions must be met:

  • The device must run a currently supported version of Windows.
  • It needs access to the internet, adhering to Windows Autopilot network requirements.
  • The device should connect to an Active Directory domain controller and successfully ping it.
  • If using a proxy, ensure the Web Proxy Auto-Discovery Protocol (WPAD) settings are configured.
  • The device must undergo the Out-of-Box Experience (OOBE).
  • Use an authorization type supported by Microsoft Entra ID during OOBE.

While not mandatory, configuring Microsoft Entra hybrid join for Active Directory Federation Services (AD FS) can streamline the Windows Autopilot registration process, especially for federated customers not using passwords.

Setting up Intune Connector server

To enable Intune integration with Active Directory, the Intune Connector for Active Directory must be installed on a Windows Server 2016 or later, equipped with .NET Framework version 4.7.2 or later. The server should have access to both the internet and Active Directory.

Key Notes:

  • Ensure the Intune Connector server has standard domain client access to domain controllers.
  • Multiple connectors can enhance scalability and availability, but it’s recommended to install each on separate servers.

Configuring automatic MDM enrollment

  1. Access the Azure Portal: Sign in and select Microsoft Entra ID.
  2. Navigate to Mobility (MDM and WIP): Ensure users deploying Microsoft Entra joined devices are members of the appropriate group within the MDM User scope.
  3. Set Defaults: Use the default values for MDM URLs and save your settings.

Managing organizational unit limits

The Intune Connector creates Autopilot-enrolled computers within the on-premises Active Directory domain. The computer account of the server hosting the Connector must therefore have the right to create (and, for cleanup, delete) computer objects in the target OU. In many domains, this right is not automatically granted, and it should be delegated on the Autopilot OU only rather than at the domain root.

Steps to Delegate Control:

  • Open Active Directory Users and Computers.
  • Right-click the relevant OU, and select “Delegate Control.”
  • Follow the prompts to grant the necessary rights for creating and deleting computer objects.
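The same delegation done from the command line, as an added example that is not part of the original article. The OU path and the connector server name are placeholders, and reading the ACL back assumes the ActiveDirectory module (RSAT) is present:

```powershell
# Added example (not from the original article): grant the Intune Connector
# server's computer account the rights to create and delete computer objects,
# scoped to the Autopilot OU only (least privilege). Both values are placeholders.
$ou        = 'OU=Autopilot,OU=Workstations,DC=corp,DC=example'
$connector = 'CORP\INTUNECONN01$'   # computer account of the connector server

# CC/DC = Create Child / Delete Child objects of class 'computer';
# /I:T applies the ACE to this OU and everything beneath it.
dsacls $ou /I:T /G "${connector}:CCDC;computer"

# GA (generic all) on descendant computer objects only (/I:S), so the connector
# can finish configuring the objects it creates without rights on anything else.
dsacls $ou /I:S /G "${connector}:GA;;computer"

# Read the ACL back and show only the ACEs granted to the connector account,
# which is the check to run before (and periodically after) go-live.
# Assumes the ActiveDirectory module so the AD: drive exists.
Import-Module ActiveDirectory
$acl = Get-Acl -Path "AD:\$ou"
$acl.Access |
    Where-Object { $_.IdentityReference -like '*INTUNECONN01$' } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType,
                  ObjectType, InheritedObjectType, InheritanceType
```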


Installing the Intune Connector

Before installation, ensure all prerequisites are met. Here’s how to install the Intune Connector:

  1. Disable Internet Explorer Enhanced Security Configuration on the server to avoid login issues.
  2. Sign into the Microsoft Intune admin center.
  3. Download and Install the Connector: After downloading, open the setup file and follow the installation prompts. Configure the connector as soon as the installation completes.

Configuring device groups

In the Microsoft Intune admin center, create a device group to streamline device management:

  1. Navigate to Groups > New group.
  2. Set the Group type to Security and fill in the details.
  3. For dynamic membership, enter a membership rule that includes either all Autopilot devices or only those registered with a specific group tag.
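Creating those two dynamic device groups from PowerShell, as an added example that is not part of the original article. It assumes the Microsoft Graph PowerShell SDK (v2); the group names and the group tag `HybridPilot` are placeholders:

```powershell
# Added example (not from the original article): create the two dynamic device
# groups the article describes. Assumes the Microsoft.Graph PowerShell SDK v2;
# group names and the group tag 'HybridPilot' are placeholders.
Connect-MgGraph -Scopes "Group.ReadWrite.All" -NoWelcome

# Rule 1: every device that carries an Autopilot (ZTD) identity.
$allAutopilotRule = '(device.devicePhysicalIds -any (_ -startsWith "[ZTDId]"))'

# Rule 2: only Autopilot devices registered with a specific group tag (stored as OrderID).
$groupTag   = 'HybridPilot'
$taggedRule = "(device.devicePhysicalIds -any (_ -eq `"[OrderID]:$groupTag`"))"

function New-AutopilotDynamicGroup {
    param([string]$Name, [string]$Rule)
    # Security group with dynamic membership; MailNickname is required by Graph.
    New-MgGroup -DisplayName $Name `
        -MailEnabled:$false `
        -MailNickname ($Name -replace '[^A-Za-z0-9]', '') `
        -SecurityEnabled:$true `
        -GroupTypes @('DynamicMembership') `
        -MembershipRule $Rule `
        -MembershipRuleProcessingState 'On'
}

$groups = @(
    New-AutopilotDynamicGroup -Name 'Autopilot - All Devices'      -Rule $allAutopilotRule
    New-AutopilotDynamicGroup -Name "Autopilot - Tag $groupTag"    -Rule $taggedRule
)

# Read the rules back before assigning Autopilot or hybrid-join profiles to them:
# a mistyped rule silently yields an empty (or far too large) group.
foreach ($g in $groups) {
    Get-MgGroup -GroupId $g.Id -Property DisplayName,MembershipRule,MembershipRuleProcessingState |
        Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState
}
```

Membership evaluation is asynchronous, so allow a few minutes before checking that the expected devices appear in each group.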


Registering Autopilot devices

Devices can be registered in various ways, including:

  • Manual Registration for devices not yet enrolled.
  • OEM Registration for new devices, where some OEMs handle registration.

After registration, devices will be visible in multiple locations within the Microsoft Intune admin center, Azure portal, and Microsoft 365 admin center.

Conclusion

Setting up Intune for hybrid environments significantly enhances device management and deployment processes. By following these guidelines, organizations can ensure a smooth integration of Microsoft Entra and Intune, leading to increased productivity and streamlined operations. With AVASOFT’s expertise, organizations can successfully navigate this setup, ensuring optimal use of their hybrid environments and technology resources.
