Manual SCP Setup Detail
To give you more specific details of:
https://eelhpesoj.github.io/Manual-SCP-Setup/
1. SCP configuration maunally
1. Create new container
-
Run ADSI Edit
-
Connect to configuration
-
Create New object under the Services
-
The class should be ‘container’
-
Set value as ‘Device Registration Configuration’
-
Click Finish
2. Create Service Connection Point
-
Create new object under the ‘Device Registration Configuration’
-
The class should be ‘serviceConnectionPoint’
-
Set value as ‘62a0ff2e-97b9-4513-943f-0d221bd30080’
-
Set more attributes
-
Configure just like this
[note] azureADName is the domain name enrolled to your tenant. azureADId is the tenant GUID.
- Click ‘Finish’
Check using Powershell
$ConfigurationPartition = (Get-ADRootDSE).configurationNamingContext
$scp = New-Object System.DirectoryServices.DirectoryEntry
$scp.Path = "LDAP://CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$ConfigurationPartition"
$scp.Keywords
2. Intune Auto Enrollment
If you deploy service connection point, you might also need to enroll the devices to the Intune automatically. So the steps below is to make GPO and link it to the device OU to enroll the devices into Intune using user credential.
1. Preparation
-
Download the latest admx
-
Install it
- Go to the following path and copy all items right here.
C:\Program Files (x86)\Microsoft Group Policy\Windows 11 October 2023 Update (23H2)\PolicyDefinitions - Go to the following path and pate here.
C:\Windows\SYSVOL\sysvol\cake.run.local\Policies\PolicyDefinitions
2. Create GPO
-
Run Group Policy Management and create new GPO.
-
Edit it.
- Got to the following path and configure ‘Enable automatic MDM enrollment using default Azure AD credentials’
Computer Configuration > policies > administrative templates > Windows components > MDM - Configure just like this
Client side
Client might need to execute the command:
gpupdate /force
gpresult /r
And also restart their device as well.
Leave a comment