Why is this happening when trying to register new computer with a work or school account?

thecomputerguy

Typically my process in setting up a new PC includes setting up a TAP and then registering the device using a Windows Hello PIN.

The account in question is a Business Standard account. If I promote the account to Business Premium I am able to log in properly on the new computer and register the device with Entra/Intune.

I want the device to register so it will retain the BitLocker key mostly...


 
Business Standard has Entra ID O365, which will allow for the device to Join Entra ID, but it doesn't have an Intune entitlement so no Intune.
Business Premium has Entra ID P1, and Intune P1, so fully functional endpoint management which includes automatic ownership assignment.

In other words, it's working as intended.

You can go through the wizard to join a domain, set a local admin password, then join the machine to Entra ID, and the Business Standard user can log in with his M365 account and use the device. However, if you want that user to have local admin rights, you're going to be on the command line to assign it. You're in hard mode, because you're being cheap.
 
Or, perhaps, the client is "living within their means" and/or "buying the service level I believe meets my needs."

The amount of hubris on display as far as dictating "the only suitable level of service" for a client you don't know, don't work with, and don't know what they're trying to achieve is breathtaking.

One size does not fit all, and not all want or need the "gold-plated" option of anything.

Yes, certain clients can be cheap, but the presumption almost all the time that this has to be the case, and the primary reason a given service level is chosen, is entirely unjustified. The arrogance in believing you know what's best from a less than thumbnail sketch is breathtaking.
 
No, you didn't.

The customer does what you allow, you're the expert. Stop supporting garbage.

This is a signed liability waiver AT LEAST. Entra ID P1 for all enabled accounts or bust.

Though if I'm honest, Microsoft should have forced Entra ID P1 into all plans as a standard... that mess upsets me far more. The platform CANNOT BE SECURED without it.

Would be nice if we could pair Entra ID F1 with Business Basic too... but... bleh.
 
Hey y'all, I just wanted to chime in ... not everyone is going to pay for Business Premium ... the answer I was asking/looking for is here. Now Business Standard accounts register properly.

It appears that Intune is added and enabled automatically on tenants whether you have a Business Premium License on the tenant or not.

 
Yes, ideally I'd use Intune and Business Premium accounts, but it's hard to justify Intune for a company of 6 people. I'm not their full-time IT employee.

I would imagine for this to work WITH Intune-enabled licenses you just have to create groups with Business Premium licensed users in them and define that in the Intune scope.

Obviously Business Premium also comes with advanced threat policies which is also a valuable addition.
 
I love Intune for just 1 person, company size doesn't matter.
Anyways, "Dynamic Group" to gather M365BP licensed users, to apply user-based rules to....

user.assignedPlans -any (assignedPlan.servicePlanId -eq "41781fb2-bc02-4b7c-bd55-b576c07bb09d" -and assignedPlan.capabilityStatus -eq "Enabled")
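
One way to preview and then create a dynamic group from the rule above with the Microsoft Graph PowerShell SDK. This is an added example, not code from the thread; the group display name and mail nickname are hypothetical, and the service plan ID is copied unchanged from the post.

```powershell
# Added example. Requires the Microsoft.Graph module and a tenant licensed
# for dynamic membership groups (Entra ID P1 or higher).
Connect-MgGraph -Scopes 'User.Read.All', 'Group.ReadWrite.All'

# Service plan ID exactly as given in the post above.
$planId = '41781fb2-bc02-4b7c-bd55-b576c07bb09d'
$rule   = 'user.assignedPlans -any (assignedPlan.servicePlanId -eq "{0}" -and assignedPlan.capabilityStatus -eq "Enabled")' -f $planId

# 1. Preview: apply the same test client-side. Both conditions must hold on the
#    SAME plan entry, which is what "-any ( ... -and ... )" means in the rule.
$preview = Get-MgUser -All -Property Id, UserPrincipalName, AssignedPlans |
    Where-Object {
        $_.AssignedPlans | Where-Object {
            $_.ServicePlanId -eq $planId -and $_.CapabilityStatus -eq 'Enabled'
        }
    }
$preview | Sort-Object UserPrincipalName | Select-Object UserPrincipalName, Id

# 2. Create the group with rule processing paused, so nothing is targeted
#    until the preview list has been reviewed.
$group = New-MgGroup -DisplayName 'Licensed users (dynamic)' `
    -MailNickname 'licensed-users-dynamic' `
    -MailEnabled:$false -SecurityEnabled `
    -GroupTypes 'DynamicMembership' `
    -MembershipRule $rule `
    -MembershipRuleProcessingState 'Paused'

# 3. Turn processing on once the preview looks right.
Update-MgGroup -GroupId $group.Id -MembershipRuleProcessingState 'On'

# 4. Membership is evaluated asynchronously. After it settles, compare the
#    group against the preview and investigate any difference before using
#    the group as an Intune enrollment or policy scope.
$members = Get-MgGroupMember -GroupId $group.Id -All
if ($members -and $preview) {
    Compare-Object -ReferenceObject $preview.Id -DifferenceObject $members.Id
}
```

Accounts that show up only in the preview, or only in the group, are the ones to check before any policy is assigned to the group.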
 
Intune is completely new to me, if you have time can you give some examples of how Intune would be beneficial even for such a small setup of a tenant with 1 user?

I'm mildly familiar with the ability to remote wipe the system, that's about it.

I know that question is ... very generalized and broad for such an expansive tool such as Intune ... I plan on doing my own testing and research when I have time.
 