Can you use Intune without Azure AD

In a traditional Windows environment, a domain-joined computer has usually been managed with on-premises tools such as Group Policy. As requirements grew, you may have needed Configuration Manager or a similar third-party management client. The inclusion of Intune (a component of Microsoft Endpoint Manager) in Microsoft 365 subscriptions such as Business Premium and E3 provides a viable alternative. The main benefit over the existing Windows Server toolkit is that Intune delivers device management from the cloud: unlike Group Policy, devices do not need line of sight to on-premises infrastructure to retrieve settings and applications, so you rely less on things like your VPN while users are off-site.

In this blog we look at what "using Intune without Azure AD" means in practice. Strictly, Intune enrollment always involves an Azure AD tenant, because the device needs an Azure AD identity to obtain the tokens Intune requires. What you can avoid is re-joining devices to Azure AD only and abandoning your on-premises domain. The answer is Hybrid Azure AD Join (HAADJ): devices stay joined to on-premises Active Directory, are registered with Azure AD through Azure AD Connect, and are then auto-enrolled in Intune via Group Policy.

Step by step process – How to use Intune without Azure AD

  1. Click the "Start" menu and open the "Azure AD Connect" installation wizard (if it is not installed, download the installer first).
  2. Click "Configure".
  3. Choose the "Configure device options" task; this is where Hybrid Azure AD Join is set up.
  4. Click "Connect to Azure AD".
  5. Enter your Azure AD administrator credentials.
  6. Click "Next".
  7. Under "Hybrid Azure AD join", open "Device operating systems".
  8. Ensure "Windows 10 or later domain-joined devices" is ticked.
  9. Click "Next".
  10. On the "SCP configuration" page, select your forest so the wizard can write the service connection point (SCP); where it cannot do so itself, download the script it provides.
  11. Run the downloaded script in the forest with an account that has rights to the configuration partition.

The configuration wizard is now complete. On the final screen you are asked to confirm that you want to continue, so click "Configure". You can control which devices become HAADJ in the same way you control which users Azure AD Connect synchronises, for example by OU. The SCP (whether written by the wizard or by the downloaded script) is an object in on-premises Active Directory that tells domain-joined devices which Azure AD tenant to register with; devices read it when they connect to Active Directory and become Hybrid Azure AD Joined. In the Azure Active Directory portal the device state then shows as Hybrid Azure AD Joined. That indicates the devices are authenticating to Azure AD, but you do not have much control over them yet. Intune is what gives you that.

Devices must first be Hybrid Azure AD Joined (HAADJ); this is the most critical prerequisite for automatic enrollment. In this mode the device remains joined to your on-premises Active Directory, and users still authenticate against on-premises domain controllers. The device is, nevertheless, also "joined" to Azure AD. That Azure AD relationship lets it perform SSO to Azure AD resources, which is how it obtains the access tokens needed to retrieve your cloud policies.

Hybrid Azure AD Joined devices appear as such in the device list of the Azure Active Directory admin center. A further column there reports each device's MDM; if it shows Intune, the client has completed the scheduled task that the Group Policy creates. If the MDM column shows None, the task has not yet enrolled the device in Intune, so check the device's Event Viewer logs under Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider. Note that although Hybrid Azure AD Joined devices appear in the Azure AD admin center, they will not appear in Endpoint Manager until they are enrolled in Intune. If devices are not showing up in Azure AD at all, they are probably not becoming HAADJ properly. On the client, the command line dsregcmd /status is the most useful diagnostic for this.
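The following is an added example, not code from the original post. It checks the two things the wizard steps and the troubleshooting advice above rely on: the SCP that Azure AD Connect (or the downloaded script) writes to the forest's Configuration partition, and the device state that dsregcmd /status reports, and cross-checks that the tenant ID in both places agrees. Assumptions (labelled in the code): the CN below is the well-known Device Registration Configuration SCP object, and the script runs on a domain-joined Windows 10/11 client in a normal (non-elevated) domain user session so the user section of dsregcmd is populated.

```powershell
# Added example (not the post's own code): verify SCP and hybrid-join state on a client.
# Assumption: CN=62a0ff2e-97b9-4513-943f-0d221bd30080 is the well-known Device Registration
# Configuration SCP; run as a domain user on a domain-joined Windows 10/11 device.

function Get-DeviceRegistrationScp {
    # Read the SCP with plain ADSI so no RSAT / ActiveDirectory module is required.
    $configNc = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
    $scpPath  = "LDAP://CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$configNc"
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($scpPath)) {
        return $null    # the wizard's "Configure device options" / SCP step has not been run
    }
    $scp  = [ADSI]$scpPath
    $info = [ordered]@{ TenantName = $null; TenantId = $null }
    foreach ($kw in @($scp.keywords)) {   # keywords carry azureADName:<tenant> and azureADId:<guid>
        if ($kw -match '^azureADName:(.+)$') { $info.TenantName = $Matches[1] }
        if ($kw -match '^azureADId:(.+)$')   { $info.TenantId   = $Matches[1] }
    }
    [pscustomobject]$info
}

function ConvertFrom-DsregcmdStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    # dsregcmd prints "   Name : Value" rows inside +----+ boxes; keep the first value per name.
    $status = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z][^:]*?)\s*:\s*(.*?)\s*$' -and -not $status.ContainsKey($Matches[1])) {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    $status
}

function Test-HybridJoinState {
    $scp    = Get-DeviceRegistrationScp
    $status = ConvertFrom-DsregcmdStatus -Lines (dsregcmd /status)
    $report = [pscustomobject]@{
        ScpPresent     = [bool]$scp
        ScpTenantId    = $scp.TenantId
        DomainJoined   = $status['DomainJoined']
        AzureAdJoined  = $status['AzureAdJoined']
        DeviceTenantId = $status['TenantId']
        AzureAdPrt     = $status['AzureAdPrt']   # YES once the user holds an Azure AD token for SSO
        TenantMatch    = [bool]($scp -and $status['TenantId'] -and ($scp.TenantId -eq $status['TenantId']))
    }
    # Interpretation follows the troubleshooting order in the text: SCP, then join state, then tenant.
    if (-not $report.ScpPresent) {
        Write-Warning 'No SCP in Active Directory: rerun the Azure AD Connect device options task.'
    } elseif ($report.DomainJoined -ne 'YES') {
        Write-Warning 'Device is not domain-joined, so Hybrid Azure AD Join cannot apply.'
    } elseif ($report.AzureAdJoined -ne 'YES') {
        Write-Warning 'SCP present but hybrid join not completed; check the User Device Registration > Admin event log.'
    } elseif (-not $report.TenantMatch) {
        Write-Warning 'Device is registered to a different tenant than the SCP advertises.'
    }
    $report
}

Test-HybridJoinState | Format-List
```

Run it before touching the Group Policy side: until ScpPresent, DomainJoined and AzureAdJoined are all true, the Intune auto-enrollment task described in the next section has nothing to work with, and any enrollment failures you see in the Event Viewer log are a symptom, not the cause.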

Intune Auto-Enrollment

Once a device is Hybrid Azure AD Joined, Group Policy can enroll it in Intune automatically. Although HAADJ is required for this type of Intune enrollment, you do not have to control the order of events: if the device is not yet HAADJ when the policy applies, the enrollment task simply keeps retrying until it is. The authenticating user must also hold an appropriate license and fall within the MDM user scope configured in Azure AD for Intune.

  • Create a new Group Policy Object in the Group Policy Management console and open it in the Group Policy Management Editor.
  • Go to Computer Configuration > Policies > Administrative Templates > Windows Components > MDM.
  • The setting that turns on auto-enrollment is "Enable automatic MDM enrollment using default Azure AD credentials".
  • Double-click it, set it to Enabled and choose "User Credential" as the credential type.
  • Click OK; the setting is now configured. All that remains is to link the Group Policy Object to the OUs containing the devices that should be auto-enrolled. The advantage of this method is that you can test the policy on a few proof-of-concept devices first.
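The following is an added example, not code from the original post. It is the check you would run on one of those proof-of-concept devices to see what the Group Policy setting above has actually left on the client, whether the enrollment task exists and has run, and what outcome the enrollment client logged. Assumptions (labelled in the code): the setting is backed by the AutoEnrollMDM and UseAADCredentialType values under the MDM policy key (1 = User Credential, 2 = Device Credential); the enrollment client records event 75 (succeeded) and 76 (failed) in the DeviceManagement-Enterprise-Diagnostics-Provider Admin log; and a completed Intune enrollment is recorded under HKLM\SOFTWARE\Microsoft\Enrollments with ProviderID "MS DM Server". Run it in an elevated PowerShell session on the test device.

```powershell
# Added example (not the post's own code): audit Intune auto-enrollment state on a test device.
# Assumptions: AutoEnrollMDM / UseAADCredentialType are the registry values behind the GPO
# setting; events 75/76 report auto-enrollment success/failure; Intune's enrollment entry
# uses ProviderID "MS DM Server". Run elevated.

$MdmPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$EnrollKey    = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
$MdmAdminLog  = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$TaskPath     = '\Microsoft\Windows\EnterpriseMgmt\*'

function Get-MdmAutoEnrollPolicy {
    # $null means the GPO has not reached this device yet (check OU scoping and gpresult).
    if (-not (Test-Path $MdmPolicyKey)) { return $null }
    $p = Get-ItemProperty -Path $MdmPolicyKey
    [pscustomobject]@{
        AutoEnrollMDM  = [int]$p.AutoEnrollMDM
        CredentialType = switch ([int]$p.UseAADCredentialType) { 1 { 'User' } 2 { 'Device' } default { 'Unset' } }
    }
}

function Get-MdmEnrollmentTasks {
    # The enrollment client creates its tasks under \Microsoft\Windows\EnterpriseMgmt\.
    Get-ScheduledTask -TaskPath $TaskPath -ErrorAction SilentlyContinue |
        Select-Object TaskName, TaskPath, State,
            @{ n = 'LastRun'; e = { ($_ | Get-ScheduledTaskInfo).LastRunTime } }
}

function Get-IntuneEnrollment {
    Get-ChildItem -Path $EnrollKey -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
        Where-Object { $_.ProviderID -eq 'MS DM Server' } |
        Select-Object @{ n = 'EnrollmentId'; e = { Split-Path $_.PSPath -Leaf } },
            EnrollmentState, EnrollmentType, UPN
}

function Get-MdmAutoEnrollEvents {
    param([int]$Hours = 24)
    $filter = @{ LogName = $MdmAdminLog; Id = 75, 76; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ n = 'Outcome'; e = { if ($_.Id -eq 75) { 'Succeeded' } else { 'Failed' } } },
            Message
}

function Test-IntuneAutoEnrollment {
    param([switch]$Retry)   # -Retry starts the enrollment task now instead of waiting for its schedule
    $policy = Get-MdmAutoEnrollPolicy
    if (-not $policy) {
        Write-Warning "No policy key at $MdmPolicyKey: the GPO has not applied. Check the OU link, then run gpupdate /target:computer /force."
    } elseif ($policy.AutoEnrollMDM -ne 1) {
        Write-Warning 'Policy key exists but AutoEnrollMDM is not 1: the setting is Disabled or Not Configured.'
    }
    $enrolled = @(Get-IntuneEnrollment)
    $tasks    = @(Get-MdmEnrollmentTasks)
    if ($enrolled.Count -eq 0 -and $Retry -and $tasks.Count -gt 0) {
        # Kick the scheduled attempt; it still needs a HAADJ device and a licensed, in-scope user.
        $tasks | ForEach-Object { Start-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath }
    }
    [pscustomobject]@{
        Policy       = $policy
        Tasks        = $tasks
        Enrollments  = $enrolled
        RecentEvents = Get-MdmAutoEnrollEvents -Hours 24
    }
}

Test-IntuneAutoEnrollment | Format-List
```

A device that shows the policy applied, the task present, no enrollment entry and a string of event 76 failures is the case the text describes: the device is usually not yet Hybrid Azure AD Joined, or the signed-in user is unlicensed or outside the MDM user scope, and the task will keep retrying until that is fixed.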


That's it for this blog. Thank you for taking the time to read our content; please feel free to email our team about how it went if you followed the steps, or if you need more help with the questions we answered in this blog.

Saajid Gangat

Saajid Gangat has been a researcher and content writer at Business Tech Planet since 2021. Saajid is a tech-savvy writer with expertise in web and graphic design and has extensive knowledge of Microsoft 365, Adobe, Shopify, WordPress, Wix, Squarespace, and more! You can connect with Saajid on Linkedin.
