The Mobile Device Management (MDM) authority determines where you will run mobile device management tasks. You can set the MDM authority to Microsoft Intune by using the Intune administrator portal.
Intune Standalone: Cloud-only management that you configure by using the Azure portal. Includes the full set of capabilities that Intune offers. For more information, see Set the MDM authority in the Intune console.
Set MDM authority to Intune
If you haven't yet set the MDM authority, follow these steps.
-
In the Microsoft Endpoint Manager admin center, select the orange banner to open the Mobile Device Management Authority setting. The orange banner is displayed only if you have not yet set the MDM authority.
-
Under Mobile Device Management Authority, select your MDM authority from the following options:
- Intune MDM Authority
- None
A message indicates that you have successfully set your MDM authority to Intune.
Change MDM authority to Office 365
To activate Office 365 MDM in addition to your existing Intune service, go to https://protection.office.com, select Data Loss Prevention > Device Security Policies > View list of Managed Devices > Let's get started.
For more information, see Set up Mobile Device Management (MDM) in Office 365.
If you want users to be managed only by Office 365 MDM, remove any assigned Intune or EMS licenses after you activate Office 365 MDM.
Microsoft Documentation: https://docs.microsoft.com/en-us/troubleshoot/mem/intune/set-mdm-authority
Use the steps below in case you are unable to set MDM authority through GUI
#Open an elevated Power Shell window
#Install the module and use the Connect-MSGraph cmdlet to sign in to the tenant. (one-time use)
install-module microsoft.graph.intune -force -Verbose
#connect to ms graph
Connect-MSGraph
#we need to get the tenant directory ID.
$DirectoryID = (Get-Organization).id
#we can check what the MDM Authority is set to
Invoke-MSGraphRequest -Url "https://graph.microsoft.com/beta/organization('$DirectoryID')?`$select=mobiledevicemanagementauthority" -HttpMethod Get | Select mobileDeviceManagementAuthority
#we can change the value to Intune by issuing this final command
Invoke-MSGraphRequest -Url "https://graph.microsoft.com/v1.0/organization/$DirectoryID/setMobileDeviceManagementAuthority" -HttpMethod Post
Comments
0 comments
Please sign in to leave a comment.