Policy
Enable automatic MDM enrollment using default Azure AD credentials
Microsoft Windows
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT
This policy setting specifies whether to automatically enroll the device to the Mobile Device Management (MDM) service configured in Azure Active Directory (Azure AD). If the enrollment is successful, the device will remotely managed by the MDM service. Important: The device must be registered in Azure AD for enrollment to succeed. If you do not configure this policy setting, automatic MDM enrollment will not be initiated. If you enable this policy setting, a task is created to initiate enrollment of the device to MDM service specified in the Azure AD. If you disable this policy setting, MDM will be unenrolled.
Registry values
How enabled and disabled states update the registry.
| Scope | Registry location | Type | Enabled value | Disabled value | Copy |
|---|---|---|---|---|---|
| Computer | Path Software\Policies\Microsoft\Windows\CurrentVersion\MDM Value name AutoEnrollMDM | REG_DWORD | HKLM 1 | HKLM 0 |
Policy elements
Inputs and configuration options exposed by this policy.
| Scope | Element | Type | Registry mapping | Constraints & behavior | Copy |
|---|---|---|---|---|---|
| Computer | MDM Application ID: ID MDMApplicationId | text | Path Software\Policies\Microsoft\Windows\CurrentVersion\MDM Value name MDMApplicationId Type REG_SZ | None | |
| Computer | Select Credential Type to Use: ID UseAADCredentialTypeDrop | enum | Path Software\Policies\Microsoft\Windows\CurrentVersion\MDM Value name UseAADCredentialType Type REG_DWORD | Options: User Credential (1), Device Credential (2) |