Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope

Configure MDM Authority

In this post, you learn to Configure MDM authority & user scope configuration who can enroll their devices into Intune. If you have not read my previous posts, I recommend reading the following posts to get a full understanding of the Intune guide.

Prerequisites

The below Prerequisites are required to enroll the Windows 10 devices:

  • Intune enabled as the MDM authority
  • Windows 10 1703 and above for testing
  • EMS E3 licenses (or at the very least Intune and Azure AD premium P1)

In this series of posts, I’m going to explain end to end process to build an Intune lab environment. It’s assumed that you already have a domain controller and all the on-prem servers. More details about building a domain controller here.

Enable MDM (Mobile Device Management)

From Tenants with 1911 service release, the MDM authority is enabled by default set to Intune

Intune Guide Post 3 - Configure MDM Authority User Scope MAM User Scope
Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope

For pre-1911 service release tenants,

In the Microsoft Endpoint Manager admin center, select the orange banner to configure the MDM authority,

Select Intune MDM Authority

Intune Guide Post 3 - Configure MDM Authority User Scope MAM User Scope
Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope

Configuring Intune MDM User Scope and MAM User Scope

To configure your MDM and MAM user scope go to,

Login into https://portal.azure.com/ -> Navigate Azure Active Directory

Intune Guide Post 3 - Configure MDM Authority User Scope MAM User Scope
Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope

In the left-hand panel, select the Mobility (MDM and MAM) and open the Microsoft Intune

Intune Guide Post 3 - Configure MDM Authority User Scope MAM User Scope
Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope
  • In MDM user scope tab,
  • Enable the Some in MDM user scope
  • To select the Intune user groups, click  No Group selected,
  • Select the Intune User security Group (I have created the Azure security group to add Users to be part of Intune enrollment)
  • Click Select the Azure security Group
  • Click Save the settings
Intune Guide Post 3 - Configure MDM Authority User Scope MAM User Scope
Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope
  • In MAM user scope tab,
  • Enable the Some in MAM user scope
  • To select the Intune user groups, click  No Group selected,
  • Select the Intune User security Group (I have created the Azure security group to add Users to be part of Intune enrollment)
  • Click Select the Azure security Group
  • Click Save the settings
Intune Guide Post 3 - Configure MDM Authority User Scope MAM User Scope
Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope

Configuration has been saved successfully

Intune Guide Post 3 - Configure MDM Authority User Scope MAM User Scope
Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope

In the left-hand panel, select the Mobility (MDM and MAM) and open the Microsoft Intune Enrollment

Intune Guide Post 3 - Configure MDM Authority User Scope MAM User Scope
Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope
  • In Microsoft Intune Enrollment tab,
  • Enable the Some in MDM user scope
  • To select the Intune user groups, click  No Group selected,
  • Select the Intune User security Group (I have created the Azure security group to add Users to be part of Intune enrollment)
  • Click Select the Azure security Group
  • Click Save the settings
Intune Guide Post 3 - Configure MDM Authority User Scope MAM User Scope
Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope

Configuration has been saved successfully

Intune Guide Post 3 - Configure MDM Authority User Scope MAM User Scope
Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope

Windows 10 Enrollment

Add the out of box Windows 10 device into Azure AD

Enter the User name , Click Next

Intune Guide Post 3 - Configure MDM Authority User Scope MAM User Scope
Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope

Enter the password of Domain account and click Next

Intune Guide Post 3 - Configure MDM Authority User Scope MAM User Scope
Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope

Device configuration is in progress

Click Yes to continue the device setup

Windows 10 device is joined to Azure AD, using Settings verify the user account information

The device is Azure AD joined, MDM is compliant

Intune Guide Post 3 - Configure MDM Authority User Scope MAM User Scope
Intune Guide Post 3 – Configure MDM Authority User Scope MAM User Scope

Reference:

Leave a Comment

Your email address will not be published. Required fields are marked *