New Mexico Department of Transportation
Intune Migration
Revision 1
Intune Migration Instructions
Step 1: Perform Inventory
Review all devices to ensure they meet the minimum hardware and operating system requirements for Microsoft Intune.
· Enabled for UEFI secure boot.
· Trusted Platform Module 2.0.
· Capable of Virtualization-based security.
· Hypervisor-protected code integrity supported by the BIOS. Devices should meet or exceed following limits for storage and memory:
· Boot drive must be any type other than a hard disk. For example, SSD, NVMe, and eMMC drives are all valid choices.
· Boot drive must have a capacity of at least 128 GB.
· Internal device memory (RAM) must equal or exceed 8 GB.
Upgrade or replace devices that do not meet the minimum or recommended requirements. This will save a lot of headaches troubleshooting devices that will not join Intune.
Device requirements | Microsoft Learn
Operating systems and browsers supported by Microsoft Intune | Microsoft Learn
Step 2: Create a customized, phased migration plan
It is recommended that your devices be migrated in batches. Creating a customized migration plan according to your area needs may assist in a smooth transition into Microsoft Intune.
See: Planning guide to move to Microsoft Intune | Microsoft Learn
Step 3: Prepare your environment for Microsoft OneDrive
When a device is enrolled in our Microsoft Intune environment, several Intune-specific policies will be applied to it. One of these policies will automatically sign users into Microsoft OneDrive and sync their Desktop, Documents, and Pictures files to OneDrive.
If a user does not want a file to synchronize with Microsoft OneDrive, it will need to be stored outside of those three locations. This is useful for some files but not recommended, as the files could be lost if there is hardware or other system failure.
Be prepared to troubleshoot file connections and links, as OneDrive will break most links between files that use a static or hardcoded file path to a file in a user’s Desktop, Documents, or Pictures folders.
PST files attached to the Outlook Client need to be imported into each user's Online Archive. This Online Archive allows a user to access their archived files from the cloud and will appear as an option within their Outlook Desktop and Web clients. The Online Archive feature can be enabled on a user’s profile through Cayosoft.
Step 4: Begin migration
After performing the first three steps, you are ready to begin your migration into Microsoft Intune by placing selected devices into the TestSync OU. After a device has been placed into the TestSync OU, it can take some time for it to appear in Microsoft Intune. Performing a gpupdate
/force on the device will assist with enforcing the GPO that enrolls the device into Intune with a logged-in user's Azure credentials.
Troubleshoot device enrollment in Intune - Intune | Microsoft Learn
Joining a device to Intune is not always the same. Try some of the methods below to enroll a device in Microsoft Intune. The last resort is to replace the device.
METHOD 1: Sync
1. Open ‘Access work or school’ using the search bar
2. Select the ‘asetdm.lcl’ dropdown
3.
Select ‘Info’ next to ‘Managed by State of New Mexico’
4. Select ‘Sync’ and wait for the device to Sync.
5. After the sync is completed, back out of your current window and into the Info window (To refresh the window).
6. Verify that the Intune policies have been downloaded to the device similar to the below image:
7. Once the Intune policies appear, check Microsoft Intune to verify that the device has joined Intune. If it does not show up immediately, wait a few minutes and check again.
METHOD 2:
1. Sign in to the device using your complete email address: first.last@dot.nm.gov
2. Run a gpupdate /force
a. This will force the GPO to join the device to Intune using Microsoft Credentials
3. Wait a few minutes and check Microsoft Intune to see if the device has joined.
METHOD 3: Device Registration Troubleshooter Tool
1. Use the Device Registration Troubleshooter Tool
a. Download this script from Device Registration Troubleshooter Tool - Code Samples | Microsoft Learn
2. Open PowerShell ISE as an Administrator
3. Open the downloaded DSRegTool PowerShell script
4. Run the following command in the command line:
a. Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope Process
i. This allows the script to run for ONLY the process
5. Run the PowerShell script
6. When prompted, select option 3 and follow the series of prompts
7. After completing the steps, check to see if the device has joined to Microsoft Intune.
8. Make sure to close out of PowerShell ISE when finished.
METHOD 4: Company Portal
1. Download and install the Company Portal from the Microsoft Store
2. Sign in to the Company Portal using the user's email and password
3. Within the Company Portal, select ‘Settings’
4. Select the ‘Sync’ button
5. Wait for the sync to complete and verify that the device has joined to Microsoft Intune.
METHOD 5: Enroll using Connect
1. Sign into the computer using administrator credentials
2. Open ‘Access work or school’ using the search bar
3. Select ‘Connect’
4. Sign in using the user's email address and password and follow the prompts to completion.
5. The user account should now appear under the ‘Add a work or school account’
6. Verify that the device has joined Microsoft Intune.
a. NOTE: The device properties will need to be modified within Microsoft Intune from ‘Personal’ to ‘Corporate’
METHOD 6: Replace the computer
1. When setting up a new computer, ensure it is in the ‘TestSync’ OU in Active Directory before joining it to the domain.
2. Before deploying the device to the user, perform Method 2 and Method 1. This method almost always works with a new device.