One of the requirements for hybrid Azure AD join is a GPO setting that is configured and assigned to the target OU. The credential type that the GPO uses is therefore an important decision.
What is the difference between device credential and user credential?
- Device Credential is only available for Windows 10, version 1903 or later, and it is only supported for Co-management or Azure Virtual Desktop.
- User Credential is the normal way to do GPO auto MDM enrollment. If you are not doing Co-management or using Azure Virtual Desktop, then we recommend using the User Credential option in the GPO configuration.
When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called "Schedule created by enrollment client for automatically enrolling in MDM from AAD." It tries to enroll the device in Intune. The two options differ as follows:
- Device Credential: the task uses the device token for auto MDM enrollment, so the device enrolls in Intune before the user logs in, which speeds up the enrollment process. After the user logs in to the device, the device is mapped to the user, and you will see the device record together with the user info in the Intune portal.
- User Credential: the task uses the user token for auto MDM enrollment, so the user must log in to the device to complete the auto MDM enrollment process.
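
To confirm on a client which credential type the GPO applied and whether the enrollment task described above was created, a check like the following can be run in an elevated PowerShell session. This is an added example, not part of the original post; the registry key, the value names `AutoEnrollMDM` and `UseAADCredentialType`, and the 1 = user / 2 = device mapping are assumptions about where Windows stores this policy and should be confirmed in your environment.

```powershell
# Added example: report the auto MDM enrollment policy, join state and task status.

# Assumption: the GPO writes its settings under this key with these value names.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$credTypes = @{ 1 = 'User Credential'; 2 = 'Device Credential' }   # assumed mapping

$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if (-not $policy -or $policy.AutoEnrollMDM -ne 1) {
    Write-Output 'Auto MDM enrollment policy: not applied (check the GPO scope and run gpupdate /force)'
} else {
    $type = $credTypes[[int]$policy.UseAADCredentialType]
    if (-not $type) { $type = "unknown value '$($policy.UseAADCredentialType)'" }
    Write-Output "Auto MDM enrollment policy: enabled, credential type = $type"
}

# Hybrid join state: both lines should report YES on a hybrid Azure AD joined device.
dsregcmd /status | Select-String -Pattern '^\s*(AzureAdJoined|DomainJoined)\s*:'

# The task name comes from the post; match on a distinctive part of it.
$tasks = Get-ScheduledTask |
    Where-Object { $_.TaskName -like '*automatically enrolling in MDM from AAD*' }

if (-not $tasks) {
    Write-Output 'Enrollment task: not found (created only after a group policy refresh applies the setting)'
}
foreach ($task in $tasks) {
    $info = $task | Get-ScheduledTaskInfo
    [pscustomobject]@{
        TaskPath       = $task.TaskPath
        State          = $task.State
        LastRunTime    = $info.LastRunTime
        LastTaskResult = '0x{0:X}' -f $info.LastTaskResult   # 0x0 means the last run succeeded
    }
}
```

With User Credential, a non-zero `LastTaskResult` before anyone has signed in is expected, because the task needs the user token to complete enrollment.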