This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 88%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi,
We have many machines joined to Azure AD, and we would now like to have these joined to Intune
How would we solve this without having to reset the machines ?
I tried to enable Azure AD > Mobility and hoped that would be enough, but guess not ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
You don't need to reset the device. If the device has already been joined in Azure AD, you can sign in to the Windows with the user account with local administrator permissions. Then, you can perform the enrollment just as @Nick Hogarth suggested.
You can open the Settings app, and go to Accounts > Access work or school, then click Enroll only in device management. Plus, if there is no Enroll only in device management option, you can click Connect, and add the Azure AD account again.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 66%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
Those settings above are for Auto enrollment into Intune. So when you join Azure AD (at the OOBE or Autopilot) it will enroll into Intune, also used for other enrollments like using a GPO for Intune enrollment, or Co-management with ConfigMgr etc.
Have you had a user go to Settings > Accounts > Access work or school > Enroll only in device management? (they will need admin rights for this)
Those settings are only for when Azure AD join is performed. There is no easy way to do this unfortunately.
Hi,
Thanks for reply.
So as I understand this, the users have 2 choices ?
Correct ?
Second question, what exactly does does the settings in the image above do ?
/Regards
Andreas