And as I think you already know, so maybe I'm just confirming for myself, if we want to use Autopilot (auto-provision devices), we **need** Entra ID **"P1"** (formerly Azure AD, as if that's not confusing enough). We can bundle Intune and Entra ID P1 with the Enterprise Mobility + Security E3 subscription, based on what I'm reading.
**We are actively in possession of EMS E3, 5k licenses**
# First Steps
(Obviously) We need to begin enrolling devices.
Intune policies will not affect the fleet of machines until they are enrolled.
## How do we get them into Intune?
_Note:_ We are speaking Vanilla Microsoft only, as if Okta is not a part of the picture
1. Put Entra ID (Azure AD) Connect in place to sync on-prem domain to Entra
The domain will remain in place for Entra ID purposes. Devices are then _hybrid AD joined_ (joined to both the domain and Entra) because we still have the domain.
2. Then, we use group policy to get them into Intune
    1. Flip group policy to "automatically enroll devices"
    2. Each user will need to have an Intune license
    3. Enroll existing machines, assuming appropriate licensing
    4. New devices will be able to be automatically joined
Entra ID-only devices will prefer Autopilot for enrollment. Manual enrollment is also possible, as long as there is no domain involvement.
Cloud communication needs to remain in place in order to make any use of Intune whatsoever.
Most people are using OneDrive for Business for shared data; they redirect desktop data (work folders) to a replicated copy in OneDrive for Business.
- Removes the need for a third party for backup and allows us to do native backup
_For Kiosk Devices:_ That is where device-based licenses come into play, instead of licensing them per user.
_Will deep-freeze get in the way?_
"Treat it like a non-persistent VDI. Intune should not be affected by this."
1. Confirm licensing
2. Sync identity
3. Now we can test
    1. Create GPO for hybrid-synced devices
    2. Once identities are available we can start using Autopilot with those IDs
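Before expecting Intune policy on a hybrid-joined test machine, the two things worth verifying are that the device actually shows as both domain-joined and Entra-joined, and that the auto-enrollment GPO has landed. The PowerShell below is an added example (not from these notes or from Microsoft) that checks both; it assumes it runs elevated on a domain-joined Windows 10/11 client after a `gpupdate`, and relies on the documented `dsregcmd /status` output and the registry values that the "Enable automatic MDM enrollment using default Azure AD credentials" policy writes.

```powershell
# Added example: readiness check for GPO-driven Intune auto-enrollment.
# Assumes: elevated session on a domain-joined Windows 10/11 client, gpupdate already run.

function Get-DsregStatus {
    # dsregcmd /status prints "Key : Value" lines; collect them into a hashtable
    $status = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*(\S+)\s*:\s*(.+?)\s*$') { $status[$Matches[1]] = $Matches[2] }
    }
    return $status
}

function Test-AutoEnrollPolicy {
    # The auto-enrollment GPO sets AutoEnrollMDM=1 and UseAADCredentialType
    # (1 = user credential, 2 = device credential) under this policy key
    $path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
    if (-not (Test-Path $path)) { return $false }
    $p = Get-ItemProperty -Path $path
    return ($p.AutoEnrollMDM -eq 1 -and $p.UseAADCredentialType -in 1, 2)
}

$s = Get-DsregStatus
$checks = [ordered]@{
    'Domain joined'               = ($s['DomainJoined'] -eq 'YES')
    'Entra (Azure AD) joined'     = ($s['AzureAdJoined'] -eq 'YES')
    'Auto-enrollment GPO applied' = (Test-AutoEnrollPolicy)
}

# Print one line per check so the result is readable in a remote session or log
$checks.GetEnumerator() | ForEach-Object {
    '{0,-30} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}

if ($checks.Values -contains $false) {
    Write-Warning 'Device is not ready for GPO-driven Intune enrollment; fix the MISSING items before expecting policy.'
}
```

A device can pass all three checks and still not enroll if the signed-in user has no Intune license, which this script cannot see from the endpoint.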
**Group Policy from AD does not get synced; IDs DO get synchronized from AD**
DO NOT START JUST IMPORTING GPOs FROM OUR AD
- Start with everything _fresh_, if possible