Requirements:

  • AD-joined PC running Windows 10, version 1709 or later
  • The enterprise already has an MDM service configured (with Intune or a third-party service provider).
  • The enterprise AD must be integrated with Azure AD.
  • Ensure that the PCs belong to the same computer group.

[!IMPORTANT] If you do not see the policy, it may be because you don’t have the ADMX for Windows 10, version 1803, version 1809, or version 1903 installed. To fix the issue, follow these steps (Note: the latest MDM.admx is backwards compatible):

  1. Download the package for your version:
    • 1803: Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)
    • 1809: Administrative Templates for Windows 10 October 2018 Update (1809)
    • 1903: Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)
  2. Install the package on the Domain Controller.
  3. Navigate, depending on the version, to the folder:
    • 1803: C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2
    • 1809: C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2
    • 1903: C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2019 Update (1903) v3
  4. Rename the extracted Policy Definitions folder to PolicyDefinitions.
  5. Copy the PolicyDefinitions folder to C:\Windows\SYSVOL\domain\Policies. (If this folder does not already exist, be aware that you will be switching to a central policy store for your entire domain.)
  6. Restart the Domain Controller for the policy to be available.

This procedure will work for any future version as well.

  1. Create a Group Policy Object (GPO) and enable the Group Policy Computer Configuration > Policies > Administrative Templates > Windows Components > MDM > Enable automatic MDM enrollment using default Azure AD credentials.
  2. Create a Security Group for the PCs.
  3. Link the GPO.
  4. Filter using Security Groups.
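
Steps 2 to 4 can also be scripted on the Domain Controller. The following is an added example, not part of the original page or Microsoft's own code: it checks that MDM.admx is in the central store, then creates the security group, links the GPO, and restricts it to that group. The GPO name, group name, OU and computer names are assumptions to replace with your own.

```powershell
#Requires -Modules GroupPolicy, ActiveDirectory
# Assumed names (not from the original page); adjust to your environment.
$GpoName   = 'MDM Auto-Enrollment'                 # GPO created in step 1
$GroupName = 'MDM-AutoEnroll-PCs'                  # security group for the PCs
$TargetOu  = 'OU=Workstations,DC=contoso,DC=com'   # OU the GPO is linked to
$Computers = @('PC-001', 'PC-002')                 # constructed sample names

# Central store path from the ADMX procedure above.
$admx = 'C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\MDM.admx'
if (-not (Test-Path -LiteralPath $admx)) {
    throw "MDM.admx not found in the central store: $admx"
}

# Step 1 (enabling the policy) must already be done in the GPO editor.
$gpo = Get-GPO -Name $GpoName -ErrorAction Stop

# Step 2: create the security group if it is missing, then add the PCs.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'"
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -GroupScope Global `
        -GroupCategory Security -PassThru
}
$current = (Get-ADGroupMember -Identity $group).DistinguishedName
$toAdd = $Computers | ForEach-Object { Get-ADComputer -Identity $_ } |
    Where-Object { $_.DistinguishedName -notin $current }
if ($toAdd) { Add-ADGroupMember -Identity $group -Members $toAdd }

# Step 3: link the GPO to the OU unless it is already linked there.
$links = (Get-GPInheritance -Target $TargetOu).GpoLinks
if ($links.DisplayName -notcontains $GpoName) {
    New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Step 4: security filtering. Only the group gets Apply; Authenticated
# Users is reduced to Read so computers can still read the GPO.
Set-GPPermission -Name $GpoName -TargetName $GroupName -TargetType Group `
    -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# Show the resulting scope so it can be reviewed.
Get-GPPermission -Name $GpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

Computers pick up a new group membership only after a restart, so the filtered GPO applies to newly added PCs after their next reboot and policy refresh.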