Group policy enrollment

Windows 10/11 devices can be enrolled in Modern Device Management using a group policy. Creating a group policy will automatically enroll all devices that are hybrid-joined to Azure AD.

Group policy enrollment is for devices that have already been hybrid-joined to Azure AD. For devices that have not been hybrid-joined, see Deep link enrollment.

To enroll devices with a group policy

1. Ensure your devices are hybrid-joined to Azure AD. For more information, see Microsoft's documentation: Hybrid Azure AD joined devices.

2. Create a group policy object. For more information, see Microsoft's documentation: Configure the auto-enrollment for a group of devices.

3. Create a security group that includes the devices you want to enroll. For more information, see Microsoft's documentation: Active Directory Security Groups.

4. Link the group policy object to the security group. For more information, see Microsoft's documentation: Link the GPO to the Domain.
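
A check to run on a target device after the steps above, added here as an example and not taken from the vendor's documentation: it parses `dsregcmd /status` for the hybrid-join state and reads the registry values that Microsoft's auto-enrollment policy setting writes. The function names are hypothetical and the sample output is constructed.

```powershell
# Added example; function names are hypothetical, sample text is constructed.
function Get-JoinState {
    param([string[]]$DsregOutput)
    $s = @{}
    foreach ($line in $DsregOutput) {
        # dsregcmd prints "Name : Value" pairs, right-aligned with leading spaces.
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
            $s[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]@{
        AzureAdJoined = $s['AzureAdJoined'] -eq 'YES'
        DomainJoined  = $s['DomainJoined'] -eq 'YES'
    }
}

function Get-AutoEnrollPolicy {
    # Values written by the "Enable automatic MDM enrollment using default
    # Azure AD credentials" policy setting once the GPO has applied.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AutoEnrollMDM        = $p.AutoEnrollMDM          # 1 = enabled
        UseAADCredentialType = $p.UseAADCredentialType   # 1 = user, 2 = device
    }
}

# Constructed sample, used only when dsregcmd.exe is not available.
$sample = @(
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : YES'
)
$raw = if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    dsregcmd.exe /status
} else { $sample }

$join   = Get-JoinState -DsregOutput $raw
$policy = Get-AutoEnrollPolicy
[pscustomobject]@{
    HybridJoined   = $join.AzureAdJoined -and $join.DomainJoined
    GpoApplied     = $policy.AutoEnrollMDM -eq 1
    CredentialType = $policy.UseAADCredentialType
}
```

A device that reports `HybridJoined` as true but `GpoApplied` as false is typically outside the scope of the group policy object or has not yet refreshed policy.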

User experience

When a user logs in to the device with Azure AD credentials, Microsoft finds the Azure AD-based MDM configuration that belongs to their organization. The device is then enrolled in Modern Device Management and can receive policies and commands.