Microsoft Technical Takeoff: Windows and Microsoft Intune
Oct 24 2022 07:00 AM - Oct 27 2022 12:00 PM (PDT)
SOLVED

Intune AzureAD auto MDM enrollment blocked by also allowing MAM?

Contributor

Setting up Intune AutoPilot from here:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot#windows-a...

 

But when I look at the docs for auto-enrollment https://docs.microsoft.com/en-us/intune/windows-enroll#enable-windows-10-automatic-enrollment there is this warning:

 

       Important

  • If both MAM user scope and automatic MDM enrollment (MDM user scope) are enabled for a group, only MAM is enabled. Only MAM is added for users in that group when they workplace join personal device. Devices are not automatically MDM enrolled.

 

Question:

So is it possible to have auto-enrolled MDM through AzureAD/Intune with Auto-Pilot while also having automatic MAM for non-windows devices?

 

 

 

It almost seems as if the AzureAD MAM page has bad wording - 

"MAM User Scope" makes sense - but MDM scope should be an OR for "Device/User/Device+User"

 

 

Note: This is all for url:

portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility

 

(I didn't copy/paste so I might have missed something)

 

Thanks!

 

 

1 Reply
best response confirmed by Neil Goldstein (Contributor)
Solution

hi

 

That MAM settigns is MAM for Windows - and have nothing to do with MAM for non-windows :)

The MAM settings in the documentaion is for MAM for Windows with out enrollment - hope it makes sense.

 

Kind Regards

Per Larsen

Enterprise Mobility MVP

Blog: https://osddeployment.dk