Enable automatic MDM enrollment using default Azure AD credentials


This policy setting specifies whether to automatically enroll the device in the Mobile Device Management (MDM) service configured in Azure Active Directory (Azure AD). If the enrollment is successful, the device will be remotely managed by the MDM service.

Important: The device must be registered in Azure AD for enrollment to succeed.

If you do not configure this policy setting, automatic MDM enrollment will not be initiated.

If you enable this policy setting, a task is created to initiate enrollment of the device in the MDM service specified in Azure AD.

If you disable this policy setting, the device will be unenrolled from MDM.

Supported on: At least Windows 10 or Windows 10 RT

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Microsoft\Windows\CurrentVersion\MDM
Value Name: AutoEnrollMDM
Value Type: REG_DWORD
Enabled Value: 1
Disabled Value: 0

Select Credential Type to Use:

  1. User Credential
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\Windows\CurrentVersion\MDM
    Value Name: UseAADCredentialType
    Value Type: REG_DWORD
    Value: 1
  2. Device Credential
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\Windows\CurrentVersion\MDM
    Value Name: UseAADCredentialType
    Value Type: REG_DWORD
    Value: 2

MDM Application ID:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Microsoft\Windows\CurrentVersion\MDM
Value Name: MDMApplicationId
Value Type: REG_SZ
Default Value: (empty)

MDM Application ID represents the ID of your MDM application that is configured in Azure AD. This is optional and only required for automatic MDM enrollment using device credentials when multiple MDM applications are configured in Azure AD.
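The following PowerShell function is an added example, not part of the policy template or of Microsoft's tooling: it reads the three registry values documented above and reports the effective configuration, flagging the combination (Device Credential without an MDMApplicationId) that the text says can be insufficient when several MDM applications exist in Azure AD. It assumes it is run on the Windows device being audited, or with $PolicyKey pointed at a loaded offline hive.

```powershell
# Added example (not part of the policy template): read the values this policy
# writes and report the effective automatic-enrollment configuration.
function Get-MdmAutoEnrollPolicy {
    param(
        # Policy key documented above; parameterised so a loaded offline hive can be checked.
        [string]$PolicyKey = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\MDM'
    )

    # A missing key or missing AutoEnrollMDM value means the policy is Not Configured.
    $props      = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $autoEnroll = $props.AutoEnrollMDM
    $credType   = $props.UseAADCredentialType
    $appId      = $props.MDMApplicationId

    if ($null -eq $autoEnroll) { $state = 'Not Configured (automatic enrollment is not initiated)' }
    elseif ($autoEnroll -eq 1) { $state = 'Enabled (enrollment task is created)' }
    elseif ($autoEnroll -eq 0) { $state = 'Disabled (device is unenrolled from MDM)' }
    else                       { $state = "Unexpected value $autoEnroll" }

    if ($null -eq $credType)   { $credential = 'Not set' }
    elseif ($credType -eq 1)   { $credential = 'User Credential' }
    elseif ($credType -eq 2)   { $credential = 'Device Credential' }
    else                       { $credential = "Unexpected value $credType" }

    # Conditions worth flagging, derived from the constraints stated in the policy text.
    $findings = @()
    if ($autoEnroll -eq 1 -and $null -eq $credType) {
        $findings += 'AutoEnrollMDM is enabled but UseAADCredentialType is not set.'
    }
    if ($autoEnroll -eq 1 -and $credType -eq 2 -and [string]::IsNullOrEmpty($appId)) {
        $findings += 'Device Credential selected without MDMApplicationId; ambiguous if more than one MDM application is configured in Azure AD.'
    }

    if ([string]::IsNullOrEmpty($appId)) { $appIdShown = '(empty)' } else { $appIdShown = $appId }

    [pscustomobject]@{
        PolicyKey        = $PolicyKey
        AutoEnrollMDM    = $state
        CredentialType   = $credential
        MDMApplicationId = $appIdShown
        Findings         = $findings
    }
}

Get-MdmAutoEnrollPolicy | Format-List
```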


ADMX file: mdm.admx