From e3dd5ee609a39266a01e2a7ef2ec5bb3a096e811 Mon Sep 17 00:00:00 2001 From: "JerryAbo [MSFT]" <94194023+jerryabo@users.noreply.github.com> Date: Tue, 10 Oct 2023 20:34:25 -0500 Subject: [PATCH 1/2] Update enroll-a-windows-10-device-automatically-using-group-policy.md Add dependency for auto HAADJ directly in GPO requirements so it is more easily discoverable as a HAADJ missing this info blocks MDM enrollment from succeeding. --- ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md index 031f810c1b..62fce24e34 100644 --- a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md 
@@ -19,9 +19,11 @@ The enrollment into Intune is triggered by a group policy created on your local - The Active Directory joined device must be running a [supported version of Windows](/windows/release-health/supported-versions-windows-client). - The enterprise has configured a Mobile Device Management (MDM) service. - The on-premises Active Directory must be [integrated with Azure AD (via Azure AD Connect)](/azure/architecture/reference-architectures/identity/azure-ad). +- Service connection point (SCP) configuration. For more information see [configuring the SCP using Microsoft Entra Connect](/azure/active-directory/devices/how-to-hybrid-join). For environments not publishing SCP data to AD, see [Microsoft Entra hybrid join targeted deployment](/azure/active-directory/devices/hybrid-join-control#targeted-deployment-of-microsoft-entra-hybrid-join-on-windows-current-devices). - The device shouldn't already be enrolled in Intune using the classic agents (devices managed using agents fail enrollment with `error 0x80180026`). - The minimum Windows Server version requirement is based on the Hybrid Azure AD join requirement. For more information, see [How to plan your hybrid Azure Active Directory join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan). + > [!TIP] > For more information, see the following topics: > From cc5c3d9a607d7f46fb9fb401b8c7c5ccd626de7e Mon Sep 17 00:00:00 2001 From: Rei Ikei <47890550+reiikei@users.noreply.github.com> Date: Mon, 16 Oct 2023 15:35:54 +0900 Subject: [PATCH 2/2] Update policy-csp-controlpolicyconflict.md Most users are now using 1809 or later versions, and I think this statement is misleading customers. --- .../client-management/mdm/policy-csp-controlpolicyconflict.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 485f675610..4c27326f83 100644 
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -49,7 +49,7 @@ If set to 1 then any MDM policy that's set that has an equivalent GP policy will This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. > [!NOTE] -> This policy doesn't support the Delete command and doesn’t support setting the value to 0 again after it was previously set to 1. Windows 10 version 1809 will support using the Delete command to set the value to 0 again, if it was previously set to 1. +> In Windows 10 version 1803, this policy doesn't support the Delete command and doesn’t support setting the value to 0 again after it was previously set to 1. The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. This ensures that:
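Review bot: In PATCH 1/2 (enroll-a-windows-10-device-automatically-using-group-policy.md), the added bullet "Service connection point (SCP) configuration." is a fragment, while the neighbouring bullets each state a requirement as a full sentence, and it never says what the commit message says, namely that a missing SCP blocks hybrid join and therefore MDM enrollment. Suggest wording it as a requirement, for example "The service connection point (SCP) must be configured for Microsoft Entra hybrid join.", followed by the two links. "For more information see" also needs a comma to match the "For more information, see" used two bullets later. The new bullet says "Microsoft Entra" while the surrounding bullets still say "Azure AD" and "Hybrid Azure AD join", so pick one name for the list or note the rename. The second inserted line is a blank line before `> [!TIP]`, which leaves two blank lines there and can be dropped.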
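Review bot: In PATCH 2/2 (policy-csp-controlpolicyconflict.md), the rewritten note scopes the limitation to Windows 10 version 1803 but drops the only statement of what version 1809 does, so a reader on 1809 or later is no longer told that the Delete command can be used to set the value back to 0 after it was set to 1. Since the commit message says most users are on 1809 or later, suggest leading with that behaviour and keeping the 1803 limitation as the exception, for example a second sentence such as "In Windows 10 version 1809 and later, the Delete command sets the value to 0 again." The replacement line also still mixes a straight apostrophe in "doesn't" with a curly one in "doesn’t"; use the straight form in both places.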