Thanks for this great video. You mention you need windows 10 or 11 specific ADMX Templates but its no longer the case. Per Microsoft, as of 21/07/23, You can now use the new Windows 11 ADMX files (download from Microsoft Download Center) to maintain Windows 11 and Windows 10 clients. Hope that helps others troubling shooting the gpo deployment.

Thanks, following this video tutorial and got enrollment right the first time.

Great walkthrough, thank you very much

Hi Travis, I think you wanted to remove the "Authenticated Users" group from the GPO security filtering list? After adding the group "MDMDevices".

Great explanation, thank you for your effort...keep up the good work.

@Travis roberts I'm stuck at the step, which is @10:03 restarted the device, havent logged in with the user credentials that has Business premium license but I dont see that device in all devices

As I know in a Hybrid environment with GPO enrollment the MDM user scope is not relevant. The MDM user scope typically comes into play when you are using a pure MDM solution for device management. In this case I would only add admins to the MDM user scope so that users can't add devices as a corporate device and all regular users to the MAM user scope. Correct me if it's wrong.

Thats the video iam looking for. Thank you very much!

You are awesome , if you can make a vlog enrolling already enrolled AAD devices to intune , Thanks

Can you show a video of a scenario where you would need to use the App ID?

This guy is awesome!!! Thanks Travis!!! Does Azure AD Connect need to be configured for Hybrid Domain Join for AD domain joined devices? This is a great demo!!!

Hi Travis, I still not able to login with AAD User, as it says the username or password is incorrect.

So if the device is domain joined already, the user's log in with their AD account. If we enroll the devices into Intune via this method, will this then make them sign into the computers with their Entra ID account/365 account? Or does the computer need to go through the whole Autopilot stuff for that to happen?

you mentioned a difference with win 11 and 10 in realtion to GPO and auto enroll for intune. What do i need to do here, have both OS's in our network?

Hello Travis, You do great videos!! I have a question. I have same configuration as you did, but in some of my computers i dont see the Task under EnterpriseMgmt. And the computer remain hybrid Join and dont add to Intune...Any suggestions? Thanks 😁

This is so helpful. I'm sure in my hybrid environment the way it enrolls via GPO is nearly the same. As a learning and relatively new admin for M365: If we use conditional access to have everyone require MFA and be hybrid joined to be able to login and use cloud apps, and if we have a machine that has fallen off from Intune (max 270 days?), is there a way to bypass MFA requirement to re-enroll/re-register the device? Not sure if that's even a valid question or i'm getting confused. I also want to know if the MDM certificate in Certificate manageer even factors into the above question at all either.

Is there a reason you use users in the Intune group? I’d always been told to use devices, as it will detect the currently logged in user anyway. Speed edit: but thank you for this video! Clean and to the point.

Not working :/

Thank you so much :)

Azure AD is better than Entra ID