problems trying to use Intune

    Question

  • Hello,

    I have subscribed to the 30-day trial of Intune. I am trying to use Intune as an MDM for our Microsoft Surface Tablets.

    We use an on-premise AD windows server (Windows Server 2012R2).  I have created the CNAME entry in our on-premise DNS for Intune device enrollment as per the article at: CNAME Doc here

    What I'm wondering is since Intune is cloud based does it need cloud based DNS setup with Azure? or can it be utilized with an on-premise DNS?

    Every time I use the CNAME verification "test CNAME" it tells me CNAME is configured incorrectly.

    I'm wondering if this is because I'm not using Azure? If this is not the case and I can use Intune this way, can I get a point in the right direction? Maybe a reference article or documentation on how to get Intune to work with an internal AD environment?

    Wednesday, November 08, 2017 6:11 PM

All replies

  • > "What I'm wondering is since Intune is cloud based does it need cloud based DNS setup with Azure?"

    No -- there's no such thing really.

    The CName is so that the device can find Intune based upon the domain name portion of the UPN that you enter when enrolling the device. Intune itself doesn't actually care about the CName or use it in any way.

    Without knowing exactly what you've configured, not much else can be said.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Wednesday, November 08, 2017 6:27 PM
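
The lookup described in the reply above, as an added example that is not part of the original thread: it takes the domain portion of a UPN, builds the enrollment discovery name, and shows what each resolver returns for it, so an internal DNS server and a public one can be compared. The function name `Test-EnrollmentCname` is hypothetical, the record names (`EnterpriseEnrollment.<domain>` pointing to `EnterpriseEnrollment-s.manage.microsoft.com`) are taken from Microsoft's Intune enrollment documentation rather than from this thread, and the UPN and resolver addresses in the usage comment are constructed.

```powershell
function Test-EnrollmentCname {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        # One or more DNS servers to ask, e.g. the on-premise DC and a public resolver.
        [Parameter(Mandatory)][string[]]$Server,
        # Assumption: target documented by Microsoft for Windows enrollment discovery.
        [string]$ExpectedTarget = 'EnterpriseEnrollment-s.manage.microsoft.com'
    )

    # The device only uses the part after '@' to find the enrollment service.
    $parts = $UserPrincipalName.Split('@')
    if ($parts.Count -ne 2 -or [string]::IsNullOrWhiteSpace($parts[1])) {
        throw "Not a UPN: '$UserPrincipalName'"
    }
    $queryName = "EnterpriseEnrollment.$($parts[1])"

    foreach ($s in $Server) {
        $target = $null
        try {
            # -DnsOnly skips LLMNR/NetBIOS so the result reflects DNS alone.
            $answer = Resolve-DnsName -Name $queryName -Type CNAME -Server $s `
                                      -DnsOnly -ErrorAction Stop
            $target = ($answer | Where-Object { $_.Type -eq 'CNAME' } |
                       Select-Object -First 1).NameHost
        } catch {
            # NXDOMAIN, timeout or unreachable resolver: report as "no record".
            Write-Verbose "$s : $($_.Exception.Message)"
        }

        [pscustomobject]@{
            Resolver  = $s
            QueryName = $queryName
            Target    = $target
            Matches   = ($null -ne $target) -and
                        ($target.TrimEnd('.') -ieq $ExpectedTarget)
        }
    }
}

# Constructed usage: 192.0.2.53 stands in for an internal DNS server.
# Test-EnrollmentCname -UserPrincipalName 'user@contoso.example' -Server '192.0.2.53','8.8.8.8'
```
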
  • Okay, so,

    I understand on Windows 10 you can enroll a device by entering a user account into the work/school section of accounts.

    Does this user account need to have admin privileges on the device for the MDM to work properly?

    Wednesday, November 08, 2017 7:06 PM
  • Actually, what I meant is: Does the logged-in account hosting the work/school account need to have admin privileges?
    Wednesday, November 08, 2017 7:09 PM
  • I think it depends upon the exact path that you take.

    A standard user can workplace join a system which can then be auto-enrolled for Intune management: https://blogs.technet.microsoft.com/jeffgilb/2016/09/02/enrolling-windows-10-pcs-as-mobile-devices-with-intune/

    A standard user can also use AutoPilot: https://blogs.msdn.microsoft.com/okemokoloebube/2017/09/11/enroll-a-windows-10-machine-into-windows-auto-pilot/


    Jason | https://home.configmgrftw.com | @jasonsandys

    Wednesday, November 08, 2017 7:16 PM
  • Update,

    I have gotten my first device enrolled, and most features are available from the MDM.

    First major question: How many devices does one Intune user account have the capability of managing?

    I am trying to understand what this is going to cost if I decide to move from trial to production use.

    Wednesday, November 08, 2017 8:00 PM
  • Do you mean how many devices can a user enroll to be managed by Intune?

    If so, this is configurable at the tenant level, anywhere between 1 and 10: https://docs.microsoft.com/en-us/intune/enrollment-restrictions-set

    If you need to mass-enroll kiosk-type devices, then you can configure a Device Enrollment Manager: https://docs.microsoft.com/en-us/intune/device-enrollment-manager-enroll


    Jason | https://home.configmgrftw.com | @jasonsandys

    Wednesday, November 08, 2017 8:25 PM
  • Okay so I guess what I am trying to do is:

    We have a standard AD environment: a few domain admin accounts and lots and lots of standard users. We have a number of mobile devices such as laptops and Surface tablets that are utilized by standard users.

    Example of setup: 1X Surface tablet to be utilized by a standard user (police officer) for C.J.I.S data. I need to be able to remotely factory reset this device, which Intune allows for, which is great. So I log into the device with my domain account, I set up on the device the account for management, and confirm the device is managed by Intune. I then log out of the device and hand the device over to the standard user for use in the field. I assume that even if my domain account is not currently the account that is logged in, I will still have the capability of remotely resetting the device (Surface). Considering this scenario, how many devices can I set up in this way before I have to incorporate another Intune user account? Can I enroll endless devices on one Intune user account, or is one account capable of only so many? Or is there something broken in this scenario that I am not seeing, considering I am still very new to using this?

    Wednesday, November 08, 2017 9:53 PM