Enroll Windows 10 Machines In Microsoft Intune And Manage Them ...

As workers transition to remote environments, they need a mobile device management (MDM) platform that does not depend on connectivity to the corporate network. Microsoft Intune is a cloud-based service that provides effective MDM and mobile application management (MAM).
Author: Brandon Lee. Brandon Lee has been in the IT industry 15+ years and focuses on networking and virtualization. He contributes to the community through various blog posts and technical documentation, primarily at Virtualizationhowto.com.

MDM is one of the primary features of Microsoft's Intune platform. It allows businesses to manage a wide range of devices, including phones, tablets, laptops, and desktops. These could be corporate-owned devices, or they could be personal "bring your own device" (BYOD) allowed for use with corporate access and applications.


In the BYOD case, Intune can compartmentalize the device so that business-critical data is protected and personal data stays isolated from corporate data and management. This gives businesses the best of both worlds: the end user supplies the hardware, while the business remains comfortable with the security, management, and isolation of its corporate data.

Intune has a wide range of other features, including:

  • Set up policies that control which data and networks the device can access
  • Authenticate apps on devices
  • Control information sharing from the managed device
  • Align devices with specific security requirements

For managed personal devices, Intune allows administrators to:

  • See which devices are enrolled
  • Inventory devices that access business resources
  • Require certain health checks and security standards for devices allowed to connect
  • Manage certificates
  • Report on device state, such as which devices are out of compliance
  • Delete organization data if the device is lost or stolen or the employee has left the company

MDM vs. CSP

You may see the terms MDM and CSP used interchangeably when Microsoft Intune is discussed. CSP stands for Configuration Service Provider. Intune is not the CSP; it is the MDM solution. A CSP is to Intune MDM what Client-Side Extensions (CSEs) are to Group Policy: the CSP is the component built into the Windows 10 operating system that applies the specific settings the MDM specifies to the device.

Enrolling devices in Intune MDM

Microsoft Intune is now housed as part of the Microsoft Endpoint Manager solution. The management portal is located at https://endpoint.microsoft.com.

Microsoft Intune has moved

Enrollment in Microsoft Intune can be carried out as a user or administrator:

  • Users can self-enroll using:
    • Microsoft Store Company Portal app
    • MDM-only enrollment
    • Azure Active Directory (Azure AD) join
    • Autopilot
  • Admins can configure policies to force automatic enrollment by:
    • Hybrid Azure AD join
    • Configuration Manager co-management
    • Device enrollment manager
    • Bulk enroll
    • Enrolling Windows IoT core devices

To understand the best practices and use cases for each enrollment method, look at the official Microsoft Intune enrollment method capabilities for Windows devices. Let's see how to use the Company Portal app found in the Microsoft Store to enroll a Windows 10 device in Intune.

The Company Portal app is a free application found in the Microsoft Store. Use it to onboard your workstation into Intune.

Installing the company portal from the Microsoft Store

After installation, you will be asked to sign in. If the end user has already signed in to Windows with the organization account, the app will not prompt for sign-in.

Note the directive to Allow my organization to manage my device.

Agree to allow your organization to manage the device

The device then synchronizes with your organization and applies its policies.

Registering your device with your organization

After logging in and synchronizing, the app is connected.

You will now see a message that says This device hasn't been set up for corporate use yet. Select this message to begin setup.

The device hasn't been set up for corporate use

At this point, you have added a corporate account to the device. However, it still needs to be connected to work.

Begin to connect the device to work

Click the Connect button.

Connect to your organization

You will be prompted to set up a work or school account. The organization account is prepopulated for you based on the account signed in to the Company Portal.

Set up a work or school account

The device is set up after confirming the sign-in.

The device successfully connects to the work account.

Your device is now successfully connected to Intune and managed

The device is fully connected and is managed by the Endpoint Manager Intune MDM solution.

Managing Windows from the Intune MDM interface

After enrolling, you will see your device appear in Microsoft Endpoint Manager under Windows devices.

Verifying the Windows device from Intune management

If you sign in to your Windows 10 workstation with the organization account first and then connect using the Company Portal app, it will be onboarded as corporate instead of personal.

Difference between corporate and personal in Intune

Once a Windows 10 machine is onboarded, note the remote management actions available for it. Options include:

  • Retire
  • Wipe
  • Delete
  • Remote lock
  • Sync
  • Reset passcode
  • Restart
  • Collect diagnostics
  • Fresh start
  • Autopilot reset
  • Quick scan
  • Full scan
  • Update Windows Defender security intelligence
  • BitLocker key rotation
  • Rename device

Options available with a Windows 10 Intune managed device

You can also assign applications to Windows 10 PCs that are onboarded into the Intune MDM. Note below that Microsoft 365 apps for Windows 10 have been assigned to the WIN10TEST PC and are pending installation.

Microsoft 365 apps assigned and pending installation for an Intune managed device

Intune Endpoint Security options

Microsoft Intune MDM provides a wealth of security options for IT admins to control managed devices. In the Endpoint Security dashboard, you can manage:

  • Antivirus
  • Disk encryption
  • Firewall
  • Endpoint detection and response
  • Attack surface reduction
  • Account protection
  • Device compliance
  • Conditional access

In addition, you can easily apply security baselines to remote Windows devices.

Viewing Endpoint security options with Intune

It also provides visibility into security issues. The Endpoint security > Firewall > Windows 10 MDM devices with firewall off report shows that the managed Windows 10 PC has its firewall turned off.

Finding managed Intune Windows devices that have the firewall disabled

Let's see how to use Intune's Endpoint security policies. Using them, we can ensure that the Windows Firewall is enabled for all profiles. Click Endpoint security > Firewall > Create policy.

Create a Windows Firewall policy

This begins the Create profile wizard. Name the new policy.

Microsoft Defender Firewall policy name and description

Next, under the configuration settings, we can specify the firewall settings to apply. Below, we enable the Windows Firewall for all profiles.

Choose Windows Firewall configuration settings to ensure the firewall is enabled

Additionally, you can set scope tags. Next, determine the Windows 10 PCs to which the policy applies.

Configure assignments for Windows Firewall scope tags

Review the settings and create the policy.

Review and create the Windows Firewall Intune MDM policy

After the Windows 10 PC synchronizes settings and policies with Intune, the Windows Firewall settings are remediated and turned on for all configured profiles.
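To confirm from the client side that the enrollment and the firewall policy above actually took effect, the following PowerShell script (added here; it is not from the article) reads the device registration state from dsregcmd and checks the state of all three Windows Defender Firewall profiles. It assumes an elevated session on the enrolled Windows 10 PC, and that the dsregcmd field names it parses (AzureAdJoined, WorkplaceJoined, MdmUrl, WorkplaceMdmUrl) match your build's output.

```powershell
# Added verification script (not from the 4sysops article). Assumes an
# elevated PowerShell session on the enrolled Windows 10 PC, with dsregcmd.exe
# and the NetSecurity module (Get-NetFirewallProfile) available.

function Get-MdmEnrollmentState {
    # dsregcmd /status prints "Key : Value" lines. AzureAdJoined reflects a
    # corporate (Azure AD join) device, WorkplaceJoined a personal/BYOD
    # registration; an MDM URL is populated only when the device is MDM-managed.
    # Field names are assumed from typical dsregcmd output.
    $status = @{}
    dsregcmd.exe /status | ForEach-Object {
        if ($_ -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined|MdmUrl|WorkplaceMdmUrl)\s*:\s*(.*?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    $mdmUrl = if ($status['MdmUrl']) { $status['MdmUrl'] } else { $status['WorkplaceMdmUrl'] }
    [pscustomobject]@{
        AzureAdJoined   = $status['AzureAdJoined']
        DomainJoined    = $status['DomainJoined']
        WorkplaceJoined = $status['WorkplaceJoined']
        MdmUrl          = $mdmUrl
        IsMdmEnrolled   = -not [string]::IsNullOrWhiteSpace($mdmUrl)
    }
}

function Test-FirewallAllProfilesEnabled {
    # The Intune firewall policy created above enables the Domain, Private and
    # Public profiles; confirm the Firewall CSP actually applied that state.
    $profiles = Get-NetFirewallProfile -Profile Domain, Private, Public
    $disabled = @($profiles | Where-Object { [string]$_.Enabled -ne 'True' })
    [pscustomobject]@{
        Profiles  = $profiles | Select-Object Name, Enabled, DefaultInboundAction
        Compliant = ($disabled.Count -eq 0)
        Disabled  = $disabled.Name
    }
}

$enrollment = Get-MdmEnrollmentState
$firewall   = Test-FirewallAllProfilesEnabled

$enrollment | Format-List
$firewall.Profiles | Format-Table -AutoSize

if (-not $enrollment.IsMdmEnrolled) {
    Write-Warning 'No MDM URL reported: the device is not MDM-enrolled. Check Company Portal or Settings > Accounts > Access work or school.'
}
if (-not $firewall.Compliant) {
    Write-Warning "Firewall disabled for profile(s): $($firewall.Disabled -join ', '). Trigger a Sync from Intune so the policy is re-applied."
} else {
    Write-Output 'Firewall is enabled for all profiles; the Intune policy has been applied.'
}
```

Run it before and after triggering a Sync from the device's Intune overview page to see the remediation take effect.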

Wrapping up

There are many options for enrolling your Windows 10 PCs in Intune. This can be accomplished from both the user side and by an administrator.

As shown, the Company Portal app is an easy way to onboard Windows 10 clients, including BYOD. Managing your Windows 10 clients using the MDM interface is made possible by the CSP functionality in Windows 10. It allows the application of policy settings from Intune, much like settings are applied from Group Policies in on-premises Active Directory.
