Microsoft 365 Mobility and Security：Exam Guide MS-101

上QQ阅读APP看书，第一时间看更新

Setting up automatic enrollment

Setting up automatic enrollment requires Microsoft Enterprise Mobility + Security (EMS)/Azure Active Directory Premium. If you don't have this subscription but would like to follow along with the steps in this section, you will be prompted to start a trial when it is required for additional access and functionality. If you have the subscription, or opt to start the trial when prompted, be sure to assign a license to yourself before proceeding.

Throughout this book, when discussing licensing, keep in mind you can use Azure AD to manage product licensing in groups rather than for each individual. When you add a member to the group, they're assigned the relevant licenses until they're removed from the group. Learn more at https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal.

The following screenshot shows that for this user Enterprise Mobility + Security E5 has been assigned:

One you're appropriately licensed, set up automatic enrollment by following these steps:

From Azure (portal.azure.com), click Azure Active Directory and then click Mobility (MDM and MAM):

Select Microsoft Intune, as shown in the following screenshot:

Select the group(s) for which you're configuring automatic enrollment for both MDM and MAM. Click on Save:

Assigning policies, permissions, licenses, and features like automatic enrollment for All Users is rarely appropriate. You'll want to be sure to use groups in Azure AD to make managing configurations over time easier and avoid changing the configuration itself as opposed to just managing group memberships.

In this section, we looked at the Azure AD role in MDM, discovered the differences between registered and joined devices, and set up automatic enrollment capabilities. Next, we will see how to select and set an MDM authority.