Deep link
Till now, we have seen three types of Intune enrollment namely using company portal, Auto-enroll, Manual way. In this post, we will learn unique way of enrolling windows 10 devices and that is through Deep link. This link (URL) can be sent to users through mail (helpful in case such as a welcome email or an internal onboarding web page) to ease their windows OS laptop enrolment process. In other words, it’s just a shortcut to Enroll only in device management option. After clicking on link, users will be directed to the new enrollment experience that will invoke built-in Windows enrollment app where user will enter their corporate credentials and device will be enrolled to Intune.
Some Insights
In Windows 10 1607, deep link will only support connecting devices to MDM. It will not support adding a work or school account, joining a device to Azure AD and joining a device to Active Directory. From Windows 10 1703, deep link supports Adding Work Account (AWA), Azure Active Directory Join (AADJ).
How to create Deep link
let us know how we can connect our windows device to work. It has some specific format or say syntax that should be followed. Here’s the syntax :
ms-device-enrollment:?mode={mode_name}
Parameter | Description | Supported Value |
---|---|---|
mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607 | MDM, AWA, AADJ |
username | Specifies the email address or UPN of the user who should be enrolled into MDM. Added in Windows 10, version 1703 | string |
servername | Specifies the MDM server URL that will be used to enroll the device. Added in Windows 10, version 1703. | string |
accesstoken | Custom parameter for MDM servers to use as they see fit. Typically, this can be used as a token to validate the enrollment request. Added in Windows 10, version 1703. | string |
deviceidentifier | Custom parameter for MDM servers to use as they see fit. Typically, this can be used to pass in a unique device identifier. Added in Windows 10, version 1703. | string |
tenantidentifier | Custom parameter for MDM servers to use as they see fit. Typically, this can be used to identify which tenant the device or user belongs to. Added in Windows 10, version 1703. | GUID or string |
ownership | Custom parameter for MDM servers to use as they see fit. Typically, this can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3. Where “1” means ownership is unknown, “2” means the device is personally owned, and “3” means the device is corporate-owned |
Here are some examples:-
ms-device-enrollment:?mode=mdm
We can make it more easier by adding username as a parameter in the link so that it would already be filled in the email address box.
ms-device-enrollment:?mode=mdm&username=nktest001.onmicrosoft.com
References
Enroll windows 10 device using Deep link Different enrollment methods