This post will show you how to configure Microsoft Endpoint Manager (Intune) for automatic device enrollment of Azure AD joined devices. If you haven't already seen my previous post on how to join a Windows 10 device to Azure AD, that can be found here.
Licensing: Intune is included with many Microsoft 365 subscriptions (for example Business Premium, E3 and E5), so check that your plan includes it before you start.
Start by signing in with your M365 admin account at the Microsoft Endpoint Manager admin center: https://endpoint.microsoft.com/
Setting up the CNAME records is optional; they are what makes enrollment automatic. Without them, you have to enroll each device manually and type in the MDM server URL, which is shown under Windows enrollment -> Automatic Enrollment. That is fine when you only have a few devices to enroll, but I highly recommend creating the records. The same Automatic Enrollment page is also where the Azure AD MDM user scope is set: the users who enroll must be inside that scope, otherwise the device joins Azure AD without enrolling in Intune.
Update DNS CNAME
- From the home page, navigate using the side bar to Devices -> Enroll devices (under device enrollment)
- Under Windows enrollment, select CNAME Validation to verify that your CNAMEs are set up correctly.
Add the following DNS entries at your DNS provider, replacing domain.com with the verified domain your users sign in with (the domain part of their UPN):
| Type | Host | Points to | TTL |
|---|---|---|---|
| CNAME | EnterpriseEnrollment.domain.com | EnterpriseEnrollment-s.manage.microsoft.com | 1 hour |
| CNAME | EnterpriseRegistration.domain.com | EnterpriseRegistration.windows.net | 1 hour |
Note: These DNS changes can take 24-72 hours to take effect, depending on your DNS provider. An enrolling device follows these records to find the enrollment server, so double-check the targets: a record that points anywhere other than the Microsoft hosts above will send enrollment traffic to the wrong place.
- Run the CNAME validation check
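The admin center's CNAME Validation is a one-shot check. The script below is an added example (not from the original post) that performs the same check from your own PowerShell session against both the machine's resolver and a public resolver, so you can watch propagation and catch a record that exists but points to the wrong target. The domain `contoso.com` and the resolver `8.8.8.8` are placeholders; replace them with your verified tenant domain and whichever public resolver you prefer.

```powershell
# Added example, not from the original post: check both enrollment CNAMEs the way
# the admin center's CNAME Validation does, from your own shell, against the local
# resolver and a public one (propagation check).
# $Domain and $PublicResolver are assumed placeholders; replace them with your own.
param(
    [string]$Domain = 'contoso.com',      # assumed: the verified domain in your users' UPNs
    [string]$PublicResolver = '8.8.8.8'   # assumed: any public resolver, for the propagation check
)

# Expected targets from the table above. Enrollment traffic follows these names,
# so a typo, a stale record, or a record pointing anywhere else is a failure.
$Expected = @{
    "EnterpriseEnrollment.$Domain"   = 'EnterpriseEnrollment-s.manage.microsoft.com'
    "EnterpriseRegistration.$Domain" = 'EnterpriseRegistration.windows.net'
}

function Test-EnrollmentCname {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Target,
        [string]$Server                # empty = use the machine's configured resolver
    )
    $query = @{ Name = $Name; Type = 'CNAME'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query['Server'] = $Server }
    try {
        $records = @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'CNAME' })
    } catch {
        $records = @()                 # NXDOMAIN, SERVFAIL or timeout: treat as missing
    }
    # DNS names are case-insensitive and may come back with a trailing dot.
    $actual = @($records | ForEach-Object { $_.NameHost.TrimEnd('.').ToLowerInvariant() })
    $status = if ($actual.Count -eq 0) { 'MISSING' }
              elseif ($actual -contains $Target.ToLowerInvariant()) { 'OK' }
              else { 'WRONG TARGET' }  # record exists but does not point at Microsoft
    [pscustomobject]@{
        Name   = $Name
        Server = $(if ($Server) { $Server } else { 'system' })
        Status = $status
        Actual = ($actual -join ', ')
    }
}

$results = foreach ($name in $Expected.Keys) {
    Test-EnrollmentCname -Name $name -Target $Expected[$name]
    Test-EnrollmentCname -Name $name -Target $Expected[$name] -Server $PublicResolver
}
$results | Format-Table -AutoSize

if ($results.Status -contains 'WRONG TARGET') {
    Write-Warning 'A CNAME exists but points somewhere other than Microsoft. Fix it before enrolling anything.'
}
# Non-zero exit so this can gate a deployment script until both records are correct everywhere.
if (@($results | Where-Object Status -ne 'OK').Count -gt 0) { exit 1 }
```

Run it as `.\Test-EnrollmentCname.ps1 -Domain yourdomain.com`. A `MISSING` result from the public resolver only, with `OK` from the system resolver, usually just means the change has not propagated yet; a `WRONG TARGET` from either resolver is worth fixing before any device is enrolled.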
Now it’s time to enroll our first device!
- On your Windows 10 device, open settings and navigate to: Accounts -> Access work or school and click connect
- Enter your work email address in the window that appears
Your device uses the domain part of that address to look up the DNS CNAMEs, locates the enrollment server, and enrolls in Endpoint Manager automatically. It may take some time for the new device to appear in the admin center. From there you can begin using Endpoint Manager features such as compliance policies, configuration profiles, endpoint security, apps and many others. (More posts to come, so follow my blog to keep up to date!)
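Rather than waiting for the device to show up in the admin center, you can confirm the result on the device itself. The following is an added example (not from the original post) that parses the output of the built-in `dsregcmd /status` tool and reports whether the device is Azure AD joined and has received Intune's MDM URLs. It assumes a Windows 10 device and an elevated PowerShell prompt; the key names it reads (`AzureAdJoined`, `TenantName`, `MdmUrl`, `MdmComplianceUrl`) are the ones `dsregcmd` prints.

```powershell
# Added example, not from the original post: run on the Windows 10 device after the
# "Access work or school" step to confirm Azure AD join and MDM enrollment locally.
# dsregcmd ships with Windows 10; run from an elevated PowerShell prompt.
function Get-DeviceRegistrationStatus {
    $status = @{}
    dsregcmd /status | ForEach-Object {
        # Lines look like "      AzureAdJoined : YES". Keep single-word "Key : Value"
        # lines; the lazy group keeps URL values with their own colons intact.
        if ($_ -match '^\s*(\S+)\s*:\s*(.+?)\s*$') { $status[$Matches[1]] = $Matches[2] }
    }
    $status
}

$s = Get-DeviceRegistrationStatus

[pscustomobject]@{
    AzureAdJoined    = $s['AzureAdJoined']      # expect YES
    TenantName       = $s['TenantName']
    MdmUrl           = $s['MdmUrl']             # expect a manage.microsoft.com URL once enrolled
    MdmComplianceUrl = $s['MdmComplianceUrl']
} | Format-List

if ($s['AzureAdJoined'] -ne 'YES') {
    Write-Warning 'Device is not Azure AD joined; redo the Azure AD join first.'
} elseif (-not $s['MdmUrl']) {
    # Joined but no MDM URL: the user is outside the MDM user scope, or discovery failed
    # (check the CNAME records and the Automatic Enrollment page).
    Write-Warning 'Azure AD joined, but no MDM URL was received; check MDM user scope and CNAMEs.'
} else {
    Write-Host 'Azure AD joined and MDM-enrolled.'
}
```

The `MdmUrl` line is the useful signal: a device that is Azure AD joined but shows no MDM URL has not enrolled in Intune, which almost always points back to the MDM user scope or the CNAME records rather than to the device.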