Azure AD enrollment


By linking Azure Active Directory and your CSA, you can automatically enroll corporate-owned Windows 10/11 devices during device setup and pre-configure them with policies and settings for a custom out-of-box experience. You can also enroll devices owned by users defined in your Azure AD at any time. For information about configuring the device setup process with Azure AD, see Microsoft's Autopilot Profiles Guide.

NOTE: A CSA can only connect to a single Azure AD account. If you have multiple Azure AD accounts you would like to use with Autopilot, you will need to set up an additional CSA for each account.

To configure Azure Active Directory enrollment

1. In the Endpoint Manager console, navigate to Tools > Modern Device Management > MDM configurations > Microsoft > Azure AD (Autopilot). You will need to use the MDM URL and Application ID URI found on this screen in later steps.

2. In a browser, log in to the Azure AD Portal.

3. Use the expandable menu on the left side of the screen to navigate to Azure Active Directory.

4. Select Mobility (MDM and MAM) in the left menu.

5. Click Add application.

6. Click On-premises MDM application settings.

7. Enter a name for the application, and click Add. Since this application will be used by Ivanti Autopilot, you may want to give it a name indicating that.

8. Use the MDM user scope slider to select which users this configuration applies to. If you select Some, you can select which Azure AD user groups you would like to include. For information about creating users and user groups, see Microsoft's documentation Add or delete users using Azure Active Directory.

9. In both the MDM terms of use URL field and the MDM discovery URL field, paste the MDM URL found in the Endpoint Manager console.

10. Click Save.

11. Click On-premises MDM application settings.

12. Click the Application ID URI, and paste in the Application ID URI found in the Endpoint Manager console.

13. Copy the Directory (tenant) ID.

14. Return to the Endpoint Manager console.

15. In the Directory ID field, paste the ID you copied from the Azure AD Portal.

16. In the MDM Configurations navigation tree, click Enrollment Agreement.

17. Click Upload to select your enrollment agreement .html file, then click Save. For more information about enrollment agreements, see Enrollment agreements.

You can also create a deep link for Azure AD enrollment. For more information, see Deep link enrollment.

For information about deploying the agent after MDM enrollment, see Installing the agent for hybrid management.

User Experience

Out-of-box experience. During the initial device setup, the user enters their corporate credentials on the Sign in with Microsoft work or school account screen. They are shown the enrollment agreement configured in Endpoint Manager. If they accept the agreement, the device enrolls and walks them through the rest of the Windows setup.

Bring your own device. The user navigates to Windows Settings > Accounts > Access work or school. They click Connect and enter their corporate credentials. They are shown the enrollment agreement configured in Endpoint Manager. If they accept the agreement, the device enrolls.
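To confirm that a device enrolled through the out-of-box experience joined the intended directory and was pointed at your CSA, you can compare the output of the built-in Windows command dsregcmd /status with the Directory (tenant) ID and MDM URL used in the procedure above. The following PowerShell is an added example, not part of the Ivanti documentation; the tenant ID, the host name csa.example.com, the sample output and the function names are constructed placeholders.

```powershell
# Added example. Replace both placeholder values with the ones from your own setup.
$ExpectedTenantId = '00000000-0000-0000-0000-000000000000'  # Directory (tenant) ID, step 13
$ExpectedMdmHost  = 'csa.example.com'                       # host part of the MDM URL, step 1

function ConvertFrom-DsregStatus {
    # Turns the "Key : Value" lines printed by dsregcmd /status into a hashtable.
    param([string[]]$Lines)
    $fields = @{}
    foreach ($line in $Lines) {
        # The key is matched first, so colons inside a URL value stay in the value.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') { $fields[$Matches[1]] = $Matches[2] }
    }
    $fields
}

function Test-MdmEnrollment {
    # Compares the parsed status with the expected tenant and MDM host.
    param([hashtable]$Status, [string]$TenantId, [string]$MdmHost)
    $findings = @()
    if ($Status['AzureAdJoined'] -ne 'YES') { $findings += 'Device is not Azure AD joined' }
    if ($Status['TenantId'] -ne $TenantId) {
        $findings += "TenantId '$($Status['TenantId'])' is not the expected directory"
    }
    $uri = $null
    if (-not [Uri]::TryCreate($Status['MdmUrl'], [UriKind]::Absolute, [ref]$uri)) {
        $findings += 'No MdmUrl reported: the user may be outside the MDM user scope'
    } elseif ($uri.Scheme -ne 'https' -or $uri.Host -ne $MdmHost) {
        $findings += "MdmUrl '$($Status['MdmUrl'])' does not point at https://$MdmHost"
    }
    [pscustomobject]@{ Compliant = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample of dsregcmd /status output so the example runs offline.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
                  TenantId : 00000000-0000-0000-0000-000000000000
                    MdmUrl : https://other-mdm.example.net/enroll
'@ -split '\r?\n'

# On an enrolled device, use: ConvertFrom-DsregStatus -Lines (dsregcmd /status)
$status = ConvertFrom-DsregStatus -Lines $sample
Test-MdmEnrollment -Status $status -TenantId $ExpectedTenantId -MdmHost $ExpectedMdmHost |
    Format-List
```

With the constructed sample, the result is non-compliant because the reported MdmUrl host differs from the expected CSA host.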