Windows Corporate Device Settings Onboarding

This guide provides background information on onboarding a Windows corporate device by joining it to Intune through Windows Settings.

What is Onboarding?

When we refer to onboarding, what we really mean is joining the device to our tenant so that we can manage it. We need to be able to manage devices not to see users’ files, actions, or information, but to push down security policy to protect them. When a device is onboarded, we can manage it in these ways, along with disabling it or pushing actions to it.

Corporate vs Personal Devices

With so many people working from home, it has become commonplace for users to use whichever computer they like to access company resources. While certainly convenient, this creates a huge problem for organizations that want to keep their data secure and devices managed. These devices may also be referred to as “BYOD”, or “Bring Your Own Device”. Bearing this in mind, if a computer is to access company resources as an internal user – whether the device is corporate owned or not – the device must be onboarded.

Personal Devices

Personal devices are seen as those devices which are not provided/owned by the organization. When a device is not owned by the organization, certain security policies will not be applied to allow the users to still retain ownership of their devices. However, this does not absolve them of the critical security policy that must be applied to all computers, whether personal or corporate. The organization will determine in which situations a user should be allowed to use a personal device, and access into the tenant may be removed at any time, along with de-joining the device from being managed by the organization. The organization and user may determine if wiping the device is appropriate to clear any lingering security policy or company data.

Corporate Devices

Corporate devices are seen as those devices which are provided/owned by the organization. These devices fall under the full control of the organization and are secured with methodology that reflects this. The same critical security policies are applied, along with additional security to help the organization protect its assets and data to a more comprehensive level. These devices will also call out to the organization when reset, and will prevent outside organizations from being signed in on them via Autopilot.

When a device is converted to a corporate device, if the account currently signed in is not that corporate account, then the new corporate account will need to be signed in to. This means a transfer of information from the current profile to the new one may be required, with the prepended OneDrive sign-in steps helping to ensure the easy transfer of essential information contained in the Desktop, Documents, and Pictures folders. Most programs and applications should transfer with the switch. If a complete profile transfer must occur, such as Windows settings or local bookmarks, we recommend getting in touch with the IT provider and determining if a tool such as User Profile Wizard would be appropriate.

What to do if you need Help

While we’ve tried to make this onboarding as simple as possible, sometimes you might have a question, or you may encounter an error. When you were sent this document, you may have noticed the Security Essentials Enrollment Assistance document that was also included. When you run into any trouble with the enrollment process, you can use this document to get assistance and hopefully keep the onboarding going smoothly.

Onboarding Flowchart

Onboard an Existing Device as Corporate (Pro)

  1. Before continuing to add the corporate account, navigate to OneDrive in the task bar. If no icon exists, search for it in the Start menu or download and install it from here. If you already see a blue cloud, select it and ensure it is signed into your corporate account. If it is, proceed to step 8.
  2. Select the “Settings” option.
  3. Select the “Add Account” option. When prompted, input the username and password for the organizational account. Step through the rest of the steps by selecting “Next”.
  4. OneDrive will begin backing up the data within the Desktop, Documents, and Pictures folders from your computer. If there are any other files you would like to take with you to your corporate account, you can add them to a folder on your desktop. When the blue OneDrive cloud in the taskbar turns from a sync icon to solid color, you can proceed to step 5.
  5. Navigate to Settings | Accounts | Access Work or School.
  6. Reference the two figures below. If you find a “Work or School account” account connected, simply click “Disconnect” as an administrator and skip to step 12. If there is no account connected, also skip to step 12. If you find a “Connected to XXXXXX’s Azure AD” account, continue to step 7. [Note: Removing these accounts will remove them from any apps they are signed in to. If you are unable to disconnect the account, it may be managed by another organization already or the IT department may need to be involved to help.]
  7. Navigate to Accounts | Other Users. Select “Add Account”, followed by “I don’t have this person’s sign-in information”; select “Next”.
  8. Select the option to “Add a user without a Microsoft account”. Input a username of “Temporary” and create a password, along with security questions and answers. (Note: This account will only be used once.)
  9. Once created, navigate back to Accounts | Other Accounts and select the Temporary account you just created. Click “Change account type” and change it from a standard user to administrator user.
  10. Navigate back to Accounts | Access work or school. Select “Disconnect” on the account connected via Azure AD. Follow the prompts to continue to the disconnection, and input the temporary account credentials that were just created. In the “Email Address” field, put in Temporary and the password that was set. Select OK.
  11. A prompt will be displayed to restart the computer. Restart and log in as the Temporary account. (Note: It will look like your account is gone, but don’t worry; it is still there, and will appear back soon.)
  12. Navigate to Accounts | Access work or school. There should be no accounts listed under the accounts page. Select “Connect” to add your account.
  13. When prompted, select the option to “Join this device to Azure Active Directory”. [Note: if there is not an option to perform this, ensure steps 5-7 were followed to completion, along with ensuring the account logged in has administrative privileges.]
  14. Follow any prompts for joining the device. Once joined, restart the device.
  15. From the sign in screen, select “Other User”, and input the organization username and password.
  16. Once the organization account has been successfully signed in to, check that the device is onboarded as a corporate device according to the steps in the “Identify a Corporate Device” section. The data backed up from the previous account in OneDrive should start to populate.
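
The branch taken in step 6 can also be read from the built-in `dsregcmd /status` command instead of the Settings page. The PowerShell below is an added example, not part of the original guide: the function name `Get-JoinState`, the tenant names, and the sample output are constructed for illustration, and the "already joined" branch goes beyond the three cases step 6 lists.

```powershell
# Added example: map `dsregcmd /status` output to the branch taken in step 6.
function Get-JoinState {
    param(
        [string[]]$StatusLines,   # output lines of dsregcmd /status
        [string]$ExpectedTenant   # tenant display name being onboarded to (assumption)
    )

    # dsregcmd prints "Name : Value" pairs; collect them into a hashtable.
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    # AzureAdJoined = "Connected to ...'s Azure AD"; WorkplaceJoined = "Work or school account".
    $joined     = $state['AzureAdJoined']   -eq 'YES'
    $registered = $state['WorkplaceJoined'] -eq 'YES'

    $next = if ($joined -and $state['TenantName'] -eq $ExpectedTenant) {
        'Already joined to the expected tenant: nothing to disconnect'
    } elseif ($joined) {
        'Joined to another Azure AD tenant: continue with step 7'
    } elseif ($registered) {
        'Work or school account only: disconnect it, then go to step 12'
    } else {
        'No account connected: go to step 12'
    }

    [pscustomobject]@{
        AzureAdJoined   = $joined
        WorkplaceJoined = $registered
        TenantName      = $state['TenantName']
        NextStep        = $next
    }
}

# Constructed sample output (not captured from a real device).
$sample = @'
             AzureAdJoined : YES
              DomainJoined : NO
                TenantName : Fabrikam Example
           WorkplaceJoined : NO
'@ -split "`r?`n"

Get-JoinState -StatusLines $sample -ExpectedTenant 'Contoso Example'

# On a real device: Get-JoinState -StatusLines (dsregcmd.exe /status) -ExpectedTenant '<your tenant name>'
```

`WorkplaceJoined` is reported per user, so run the command in the session of the account whose “Work or School account” entry you are checking.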

You're Finished!

You should have successfully onboarded your Windows device as a personal or corporate device. This will allow you to get all of the security features and app deployment packages offered by your organization through the Intune management agent. For any other problems or questions, reach out to us!