How-to guide: Getting started with Microsoft Intune (part 2)


To learn how to sign up for Microsoft Intune, set the MDM authority to Intune, and create a custom domain, read here.

User and group management in Microsoft Intune

To manage devices with Intune, you first need to create user accounts; users sign in with these credentials to connect to Intune. You can create users in the Microsoft 365 admin center or the Microsoft Endpoint Manager admin center. In this example, we’ll create users in Microsoft Endpoint Manager.

After signing in to the Azure portal, choose Users -> All users -> New user -> Create user on the pane.

While creating a new user, indicate the Username (the name used to sign in to Azure AD), Name (user’s given name), the Job title, Department, Company name, and Location. Here, the user’s password can be auto-generated, or you can choose your own.

If you want to assign a user to groups, go to Groups on the pane and select the group you’re assigning to the user. Click Select.

By default, the role of the newly created user is User. To assign a new role to the user, select User -> Assigned roles -> Add assignments. In the Directory roles menu select a role you want to assign to the user and click Select.

Following all these steps, click Select to create the new user in Microsoft Intune.

Creating a new group

You can create groups in the Microsoft Endpoint Manager admin center to organize users and devices by different criteria, such as location, department, or hardware characteristics.

To create a group in Microsoft Endpoint Manager admin center, go to Groups on the pane and select New Group.

There are two types of groups in Microsoft Intune:

  • Security group defines who can access the resources in Intune (recommended). Security groups can contain users (excl. financial department employees) and devices (excl. All Windows 10 devices).
  • Microsoft 365 group provides collaboration opportunities by giving members access to a shared mailbox, calendar, files, SharePoint site, etc. It’s used for collaboration between users, both inside and outside your company.

Enter a Group name and Group description.

Select one of the three Membership types for the group:

  • Assigned: You can manually assign/remove users and devices to/from the group.
  • Dynamic user: You can assign the user to the group based on the assignment rules (e.g., department or location) that automatically add or remove the user.
  • Dynamic device: The user will be added or removed automatically based on the device type, OS, etc.

| Group type | Membership types |
|---|---|
| Security group | Assigned, Dynamic user, Dynamic device |
| Microsoft 365 Group | Assigned, Dynamic user |

In this menu, you can add the group owner and group members. In addition to the authority to add and remove group members, group owners have special permissions to manage the group, such as changing group settings, renaming the group, and updating its profile image and description. Members have access to everything in the group, but they cannot change the group settings.

To create the group, click Create. Now you can see your group on the list.

Assigning licenses to users in Microsoft Intune

The next step is to assign each user an Intune license (and other licenses if needed) before enrolling their devices. In this example we’ll explain how to assign an Intune license to the user in Microsoft Endpoint Manager admin center.

On the pane, select Users -> All Users -> pick a user -> Licenses -> Assignments.

Select the box Intune (and other desired licenses) and click Save.

Now you can enrol users’ devices into Intune.
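
The same three steps (create a user, create a dynamic user security group, assign an Intune license) scripted with the Microsoft Graph PowerShell module, as an added example that is not part of the original guide. The user name, domain, department rule and the `INTUNE_A` SKU part number (the standalone Intune plan) are assumptions; adjust them to your tenant.

```powershell
# Added example, not from the original guide. Requires the Microsoft.Graph PowerShell module.
# All names, the domain and the department value below are constructed placeholders.
Connect-MgGraph -Scopes 'User.ReadWrite.All','Group.ReadWrite.All','Organization.Read.All'

# 1. Create the user with a random initial password that must be changed at first sign-in.
$bytes = [byte[]]::new(18)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$initialPassword = [Convert]::ToBase64String($bytes) + 'aA1!'   # suffix covers all character classes

$user = New-MgUser -DisplayName 'Alex Example' `
    -UserPrincipalName 'alex.example@contoso.example' `
    -MailNickname 'alex.example' `
    -Department 'Finance' -JobTitle 'Analyst' `
    -UsageLocation 'US' `
    -AccountEnabled `
    -PasswordProfile @{ Password = $initialPassword; ForceChangePasswordNextSignIn = $true }
# UsageLocation must be set before a license can be assigned.
# Hand $initialPassword to the user over a separate channel; do not log it.

# 2. Create a security group with the "Dynamic user" membership type.
#    Members are added and removed by the rule, not by hand.
#    Dynamic membership requires an Azure AD Premium P1 (or higher) license in the tenant.
$group = New-MgGroup -DisplayName 'Finance users' `
    -Description 'Users whose department is Finance' `
    -MailEnabled:$false -MailNickname 'finance-users' -SecurityEnabled `
    -GroupTypes 'DynamicMembership' `
    -MembershipRule '(user.department -eq "Finance")' `
    -MembershipRuleProcessingState 'On'

# 3. Assign the Intune license, failing loudly if the tenant has none available.
$sku = Get-MgSubscribedSku | Where-Object SkuPartNumber -eq 'INTUNE_A'
if (-not $sku) {
    throw 'No INTUNE_A SKU in this tenant; inspect Get-MgSubscribedSku for the plan that includes Intune.'
}
if ($sku.ConsumedUnits -ge $sku.PrepaidUnits.Enabled) {
    throw 'All Intune licenses are already consumed.'
}
Set-MgUserLicense -UserId $user.Id -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @()

# 4. Confirm the result before enrolling the user's devices.
Get-MgUserLicenseDetail -UserId $user.Id | Select-Object SkuPartNumber
Get-MgGroup -GroupId $group.Id | Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState
```

Dynamic membership is evaluated asynchronously, so the new user may not appear in the group immediately after the script finishes.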
