This guide provides background information on the onboarding process for a Windows personal device, using Windows Settings to join it to Intune.
What is Onboarding?
When we refer to onboarding, what we really mean is joining the device to our tenant so that we can manage it. We need to be able to manage devices not to see users’ files, actions, or information, but to push down security policy to protect them. When a device is onboarded, we can manage it in these ways, and we can also disable it or push actions to it.
Corporate vs Personal Devices
With so many people working from home, it has become commonplace for users to use whichever computer they like to access company resources. While certainly convenient, this creates a huge problem for organizations that want to keep their data secure and devices managed. These devices may also be referred to as “BYOD”, or “Bring Your Own Device”. Bearing this in mind, if a computer is to access company resources as an internal user, whether the device is corporate owned or not, the device must be onboarded.
Personal Devices
Personal devices are those devices which are not provided or owned by the organization. When a device is not owned by the organization, certain security policies will not be applied, so that users still retain ownership of their devices. However, this does not exempt these devices from the critical security policy that must be applied to all computers, whether personal or corporate. The organization will determine in which situations a user should be allowed to use a personal device, and access into the tenant may be removed at any time, along with de-joining the device from being managed by the organization. The organization and user may determine if wiping the device is appropriate to clear any lingering security policy or company data.
Corporate Devices
Corporate devices are those devices which are provided or owned by the organization. These devices fall under the full control of the organization and are secured with methodology that reflects this. The same critical security policies are applied, along with additional security to help the organization protect its assets and data to a more comprehensive level. These devices will also call out to the organization when reset, and will prevent outside organizations from being signed in on them via Autopilot.
When a device is converted to a corporate device, if the account currently signed in is not the corporate account, then the new corporate account will need to be signed in to. This means a transfer of information from the current profile to the new one may be required, with the prepended OneDrive sign-in steps helping to ensure the easy transfer of essential information contained in the Desktop, Documents, and Pictures folders. Most programs and applications should transfer with the switch. If a complete profile transfer must occur, including items such as Windows settings or local bookmarks, we recommend getting in touch with the IT provider and determining if a tool such as User Profile Wizard would be appropriate.
What to do if you need Help
While we’ve tried to make this onboarding as simple as possible, sometimes you might have a question, or you may encounter an error. When you were sent this document, you may have noticed the Security Essentials Enrollment Assistance document that was also included. If you run into any trouble with the enrollment process, you can use that document to get assistance and hopefully keep the onboarding going smoothly.
Onboarding Flowchart
Onboard an Existing Device as Personal (Home or Pro)
- Navigate to Settings | Accounts | Access Work or School.
- If the accounts page does not have any accounts linked with the “Connected to XXXXX Azure AD” verbiage, then select “Enroll only in device management.” [Note: In order to select this option, the user must be an administrator. If there is a separate administrator account on the computer, log in to it and perform this step.]
- Enter the credentials when prompted.
- When completed, a box will appear to confirm that the device is being set up; click “Got it”.
- Check to ensure that a page similar to below is shown. If there was already an account on the device, it will be displayed alongside the “Connect to XXXX MDM” account. The device is onboarded as a personal device.
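
The final check above can also be done from PowerShell on the device. The script below is an added example, not part of the original guide or of any Microsoft tooling; it assumes the standard Windows enrollment registry location and that Intune enrollments are recorded there with the provider ID "MS DM Server".

```powershell
# Added example: confirm the device picked up an MDM enrollment after
# "Enroll only in device management". Read-only; changes nothing on the device.

$root = 'HKLM:\SOFTWARE\Microsoft\Enrollments'

# Each enrollment is a GUID-named subkey. Assumption: Intune enrollments
# carry ProviderID 'MS DM Server' and record the enrolling account in UPN.
$mdm = @(Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($p -and $p.ProviderID -eq 'MS DM Server') {
        [pscustomobject]@{
            EnrollmentId = $_.PSChildName
            UPN          = $p.UPN
            DiscoveryUrl = $p.DiscoveryServiceFullURL
        }
    }
})

# dsregcmd reports whether the device is also Azure AD joined or registered,
# which corresponds to the "Connected to ... Azure AD" entry in Settings.
$join = @{}
dsregcmd.exe /status | ForEach-Object {
    if ($_ -match '^\s*(AzureAdJoined|WorkplaceJoined)\s*:\s*(\S+)') {
        $join[$Matches[1]] = $Matches[2]
    }
}

if ($mdm.Count -eq 0) {
    Write-Warning 'No MDM enrollment found. The device is not onboarded.'
} else {
    $mdm | Format-List
}
"AzureAdJoined   : $($join['AzureAdJoined'])"
"WorkplaceJoined : $($join['WorkplaceJoined'])"
```

If the warning appears after completing the steps, repeat the enrollment from an administrator account or use the enrollment assistance document mentioned earlier.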
You're Finished!
You should have successfully onboarded your Windows device as a personal or corporate device. This will allow you to get all of the security features and app deployment packages offered by your organization through the Intune management agent. For any other problems or questions, reach out to us!