2 Replies

  • Is this doable, yes, is it going to be a lot of work to get this going maybe.

    First each tablet is going to need a username and license. I don't know if there are device only Intune licenses, but the cheapest Office365 license I can find that includes Intune is a Microsoft 365 F1 plan that is $2.25 per user per month. Once you have the licensing sorted out then there is Intune itself.

    You will need to have these tablets be Hybrid Domain Joined devices in in Azure AD, this part is key since only Hybrid and Azure Joined devices can be used in Intune. If the devices are just Azure AD Registered that will not work. If you have the AAD Connect running on prem, it is just as simple as syncing the OU for those devices so the computer object in your on prem AD are synced to Azure AD.

    Next If you are already using Intune for other devices then things should be simple. If not there is some leg work to do.

    First if you only want to use Intune for these tablets I would recommend making a security group in your on-prem AD. Again make sure this group sync to Azure AD. In Intune you can limit enrollment to just groups.

    Then you need to build out your app in Intune. If they are Win32 or something else you will need to get those setup into Intune. With each app you can limit the install to groups. Again setup some groups in your on-prem AD sync to Azure, and set the access for the app installs to those groups. Then in your on-prem AD drop the computer objects into which groups the need to be part of.

    As far as settings and what not, you can still use your on-prem GPO or there is a host of configuration settings "Azure GPOs" you can apply as well.

    There are a number of good guides and videos out there to help you. I learned everything I know about Intune from guides videos and a crap load of trial and error. I also have a sandbox Office365 tenant from Microsoft just to play in (FYI you can get a free sandbox tenant from MS with 25 E5 licenses to test anything you want)

    If you wanted to take that next step I would look into Autopilot as well. I am setting that up to the point where all I need to do is have the user just log in and everything I need setup is automatically provisions. Everything from the keyboard layout, to wifi networks, OneDrive and all our apps/programs are automatically installed and configured. All I have to do IT wise is enroll the device into Autopilot. That is even going to change because some vendors like Dell, HP, and Lenovo can enroll the devices into Autopilot for you.

    Was this post helpful? thumb_up thumb_down
  • Hey OP - As other SpiceHeads chime in with their suggestions... This is bit of a side note, but if you have more MS licensing questions, you're welcome to contact Trusted Tech Team for some (free) help along the way! TTT is a Microsoft Gold Partner with competitive (low) prices, U.S. based support engineers for you by phone, chat or email, and can help you with your licensing questions pretty quickly. I'm thinking it might be easier to handle your situation if the team chats with you directly, so, if you're up for it!

    You can contact the team using these contact methods:

    Tel: (855) 202-8140
    Fax: (949) 625-6443
    Sales/Customer Service Hours: M-F 6AM to 4PM PST
    Email: support@trustedtechteam.com

    Was this post helpful? thumb_up thumb_down

Read these next...