Microsoft Intune: Enroll using deep link

Published on: October 2, 2021 | Reading Time: 3 min | Last Modified : October 2, 2021

Deep link

Till now, we have seen three types of Intune enrollment namely using company portal, Auto-enroll, Manual way. In this post, we will learn unique way of enrolling windows 10 devices and that is through Deep link. This link (URL) can be sent to users through mail (helpful in case such as a welcome email or an internal onboarding web page) to ease their windows OS laptop enrolment process. In other words, it’s just a shortcut to Enroll only in device management option. After clicking on link, users will be directed to the new enrollment experience that will invoke built-in Windows enrollment app where user will enter their corporate credentials and device will be enrolled to Intune.

Some Insights

In Windows 10 1607, deep link will only support connecting devices to MDM. It will not support adding a work or school account, joining a device to Azure AD and joining a device to Active Directory. From Windows 10 1703, deep link supports Adding Work Account (AWA), Azure Active Directory Join (AADJ).

let us know how we can connect our windows device to work. It has some specific format or say syntax that should be followed. Here’s the syntax :

ms-device-enrollment:?mode={mode_name}
ParameterDescriptionSupported Value
modeDescribes which mode will be executed in the enrollment app. Added in Windows 10, version 1607MDM, AWA, AADJ
usernameSpecifies the email address or UPN of the user who should be enrolled into MDM. Added in Windows 10, version 1703string
servernameSpecifies the MDM server URL that will be used to enroll the device. Added in Windows 10, version 1703.string
accesstokenCustom parameter for MDM servers to use as they see fit. Typically, this can be used as a token to validate the enrollment request. Added in Windows 10, version 1703.string
deviceidentifierCustom parameter for MDM servers to use as they see fit. Typically, this can be used to pass in a unique device identifier. Added in Windows 10, version 1703.string
tenantidentifierCustom parameter for MDM servers to use as they see fit. Typically, this can be used to identify which tenant the device or user belongs to. Added in Windows 10, version 1703.GUID or string
ownershipCustom parameter for MDM servers to use as they see fit. Typically, this can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703.1, 2, or 3. Where “1” means ownership is unknown, “2” means the device is personally owned, and “3” means the device is corporate-owned

Here are some examples:-

ms-device-enrollment:?mode=mdm

We can make it more easier by adding username as a parameter in the link so that it would already be filled in the email address box.

ms-device-enrollment:?mode=mdm&username=nktest001.onmicrosoft.com

References

Enroll windows 10 device using Deep link Different enrollment methods