Adding existing devices to Azure AD and MDM:
- The user must first be assigned the relevant licence
- MFA reset and disabled
- This step is necessary until ‘Modern Authentication’ methods is enabled on the Exchange Server (agreed in principle to carry out)
- Reset the users M365 password
- Log onto the laptop as local admin and open the following URL in a web browser
- https://portal.manage.microsoft.com/?portalAction=Compliance
- IT staff member must register the device to Azure and log on to the above URL
- Select the grey bar to add the currently logged on device to MDM.
- You will see a list of any existing devices that can be registered but also the option to add a new device ‘My Device isn’t listed here’
- Click Add and follow the steps on screen to register, when prompted do not enter the email address when first asked. Instead, select the option below for ‘Alternative Actions’ and select ‘Join this device to Azure Active Directory’
- You will be directed to connect to a work or school account
- Log in accordingly and with MFA accept all prompts necessary.
- When logged on successfully, you shall be asked to make sure you are connecting to the correct organisation
- The process will start to register the device to Azure AD and MDM
- Once complete you are asked to ‘Click here’ and it will take you back to the devices list where you can now select the new device and register to your account.
- Once added it may take a little time for the device to be fully registered and have access to the corporate M365 portal and ready for device management.
- It may be worth restarting the laptop and logging on to ensure all is as expected.
Adding new and reset devices to Azure AD and MDM
- Initial setup shall be carried by IT staff member, using their own account.
- Windows creates the first account as administrator
- Once the laptop is pre-configured, the main user of the device can log on using their credentials and follow the same steps when creating the PIN and syncing with authenticator app.
- Power on device and run through initial setup steps until you arrive at the ‘Account Setup’ step, choose ‘Setup for an Organisation’
- It is advised to not allow any of the tracking options that are enabled by default.
- The options provide ‘Personalised’ experience while using the operating system etc.
- Sign in with company email address and password and once signed in, continue with the initial setup steps until you reach the ‘Windows Hello’ setup screen. From here a PIN is setup for logging onto the device. This can be changed to Facial recognition once logged in.
Enter company email address and password when asked
When presented with the log on Screen, log in as the newly created local admin account and complete the software distribution, updates etc. Do not activate Office 365 as yourself but do so when logging on as the primary owner of the device. This due to ‘Shared activation’ not being available for licences below Business Premium edition