Tuesday, June 18, 2019

Intune GPO Enrollment General Info

Just a quick note on how to enroll an existing domain-joined device.

A prerequisite for GPO enrollment is Azure AD Hybrid Join. If you have not set that up yet, you can find directions on how to accomplish it here:

https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains

You can also find some more background information on it here:

https://www.amobileattempt.com/2018/07/hybrid-join-azure-ad-and.html

Once that is complete, you are running a suitable version of Windows (I recommend at least 1803), and your GPO store has been updated to match, you can create the new GPO and deploy it to your Hybrid Joined devices. Information on that process can be found here:

https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

What this article from Microsoft doesn't tell you is where to find the event logs for this process, or what the error codes you might find there are. The location in Event Viewer is:

Applications and Services Logs/Microsoft/Windows/DeviceManagement-Enterprise-Diagnostics-Provider/Admin
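
To read that log from PowerShell instead of Event Viewer, the following added example (not from the original post or from Microsoft) checks the prerequisites above and lists recent auto-enrollment results. It assumes an elevated session on the device, the policy registry path written by the auto-enrollment GPO, and event IDs 75 (success) and 76 (failure) as described in Microsoft's troubleshooting article linked below.

```powershell
# Added example: prerequisite checks plus a summary of auto-enrollment events.
# Run in an elevated PowerShell session on the device being enrolled.

# Channel name for the Event Viewer path shown above.
$logName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'

# 1. Windows build. Version 1803 corresponds to build 17134.
$build = [Environment]::OSVersion.Version.Build

# 2. Hybrid join state, parsed from "dsregcmd /status" output.
$state = @{}
foreach ($line in (dsregcmd /status)) {
    if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
        $state[$Matches[1]] = $Matches[2]
    }
}

# 3. Has the auto-enrollment GPO reached this device?
#    Assumption: the policy writes AutoEnrollMDM under this key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

[pscustomobject]@{
    Build         = $build
    BuildAtLeast1803 = ($build -ge 17134)
    AzureAdJoined = $state['AzureAdJoined']
    DomainJoined  = $state['DomainJoined']
    AutoEnrollMDM = $policy.AutoEnrollMDM   # empty if the GPO has not applied
} | Format-List

# 4. Recent enrollment results. Assumption: 75 = succeeded, 76 = failed.
#    For failures, pull the hex error code out of the message text.
Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 75, 76 } `
             -MaxEvents 50 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $code = if ($_.Message -match '0x[0-9A-Fa-f]{8}') { $Matches[0] } else { $null }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            Id          = $_.Id
            Result      = if ($_.Id -eq 75) { 'Succeeded' } else { 'Failed' }
            ErrorCode   = $code
        }
    } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize
```

An empty table in step 4 means no auto-enrollment attempt has been logged yet, which usually points back to step 2 or 3.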





Microsoft does offer additional troubleshooting help in some tucked-away corners of their platform that I want to gather here. Use the link below as a starting point. Good luck!

https://support.microsoft.com/en-us/help/4494359/troubleshoot-intune-windows-10-group-policy-based-auto-enrollment