Policy
Enable automatic MDM enrollment using default Azure AD credentials
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT
This policy setting specifies whether to automatically enroll the device to the Mobile Device Management (MDM) service configured in Azure Active Directory (Azure AD). If the enrollment is successful, the device will be remotely managed by the MDM service. Important: The device must be registered in Azure AD for enrollment to succeed. If you do not configure this policy setting, automatic MDM enrollment will not be initiated. If you enable this policy setting, a task is created to initiate enrollment of the device to the MDM service specified in Azure AD. If you disable this policy setting, the device will be unenrolled from MDM.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\MDM\AutoEnrollMDM | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
| MDM Application ID (ID: MDMApplicationId) | text | HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\MDM\MDMApplicationId (REG_SZ) | None |
| Select Credential Type to Use (ID: UseAADCredentialTypeDrop) | enum | HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\MDM\UseAADCredentialType (REG_DWORD) | Options: User Credential (1), Device Credential (2) |