- The document discusses various topics around managing devices with Microsoft Intune including enrolling devices, assigning device categories, changing device properties, setting up a device enrollment manager account, the difference between shared and user devices, and deploying applications.
- The document discusses various topics around managing devices with Microsoft Intune including enrolling devices, assigning device categories, changing device properties, setting up a device enrollment manager account, the difference between shared and user devices, and deploying applications.
- The document discusses various topics around managing devices with Microsoft Intune including enrolling devices, assigning device categories, changing device properties, setting up a device enrollment manager account, the difference between shared and user devices, and deploying applications.
- if you add custom domain and you want to simplify windows enrollment witout AZ AD
premium, you can use CNAME option
- intune auto enrollment (azure ad), only in intune(personal) => it can cause problems later for example conditional access policies which works only for azure ad joined devices, - to join windows 11, you can do it via settings or organizational portal - you can group devices managed by intune in dynamic group for a better management. the update can takes time - device categories auto creates an azure ad sec group once a device falls under one of them. using this sec group , a device can be assigned proper policies and apps . - Users can choose a category from the list when using the Company Portal on devices. You can disable end-user category selection using customization policy. - to update the device category of multiple devices, you can use graph api and intune powershell module. - you can assign a category manually to a device in the device properties - when you rename a category , all devices using it are auto updated . - a device enrollment manager is non admin user who can enroll devices in itune . DEM account can enroll and manage up to 1000 devices and non admin acont can only enroll 15. it requires an intune license. - the dem user cannot wipe dem enroll devices on the device using the company portal application. it enrolls win10/11 in shared device mode so device limit restriction won't work on them. instead we can configure a hard limit in AD admin center . - the dem user will be the admin on the machine enrolled and the user will not be able to disconnect. it will be added in the admin group on the local machine . - the primary user property is used to map a licensed intune user to their devices. an intune device can have 0 or 1 primary user . when there is no primary user , the device is refered as a shared device. - we can change a device name from intune on device properties. - You can configure an auto cleanup rule to clean inactive, stale devices. depends on organization but 90 days is recommended . only applies to intune not Azure AD devices - You can customize company branding on company portal . https://portal.manage.microsoft.com - the first user that creates an AZ AD tenant is assigned global admin role. - installation of M365 apps won't succeed if there are pre-existing .MSI apps on end user devices. - You can view managed apps status per machine in device options. - progressive web app are apps developped with html, css... a json script might be necessary . - You can deply MSI app to windows. -