From 030bc3a9e46f37175011f057453dccdb334ad4c9 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 22 Jan 2020 10:38:32 +0200 Subject: [PATCH] remove incorrect info and add note about expected behavior https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5432 --- ...-a-windows-10-device-automatically-using-group-policy.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index ac08247a1f..ee0d0066a0 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -49,10 +49,14 @@ The following steps demonstrate required settings using the Intune service: ![Intune license verification](images/auto-enrollment-intune-license-verification.png) 2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](https://docs.microsoft.com/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal). -Also verify that the **MAM user scope** is set to **None**. Otherwise, it will have precedence over the MDM scope that will lead to issues. ![Auto-enrollment activation verification](images/auto-enrollment-activation-verification.png) +> [!IMPORTANT] +> For BYOD devices, the MAM user scope takes precedence if both MAM user scope and MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will use Windows Information Protection (WIP) Policies (if you configured them) rather than being MDM enrolled. + +> For corporate devices, the MDM user scope takes precedence if both scopes are enabled. The devices get MDM enrolled. + 3. Verify that the device OS version is Windows 10, version 1709 or later. 4. Auto-enrollment into Intune via Group Policy is valid only for devices which are hybrid Azure AD joined. This means that the device must be joined into both local Active Directory and Azure Active Directory. To verify that the device is hybrid Azure AD joined, run `dsregcmd /status` from the command line.