Posts

Showing posts from 2025

Is it possible to enrol a device in Intune without ever having to authenticate on the device itself?

When it comes to enrolling devices in Intune, there are multiple ways to do so. In a user-based enrolment, one is required to provide Entra ID credentials at some stage or other. However, things can become challenging when there are other authentication requirements, such as certificates, in addition to standard user credentials. This is normally the case in organizations that are federated with Active Directory Federation Services (ADFS) or with a non-Microsoft identity provider. Such a configuration requires a trusted certificate issued to a user or a device before the authentication can be allowed, but one cannot really deliver the certificate if the device is being born in the cloud and hasn't enrolled in Intune yet. It's a chicken-and-egg kind of situation. So how does one get around this without compromising on security? The answer lies in the sign-in options at the time of the enrolment. There are some options available with the Sign-in options, but it is '...