Currently we have a 365 account - 50 users, and 50 local machines with local logins.
According to my reading, 365 can manage configs on these machines and allows me to specify which 365 users can log into which local machine.
When reading about how to enroll a machine into 365/Intune, it appears that the only way to get it all setup is with user intervention for a user enrollment scheme. This is off the table.
When reading about using a ps1 script to do it without user intervention, the approach is different and seems to require that the machine already be set up with AD using a device enrollment scheme when setting up Intune on the 365 side.
To create an Azure AD tenant from the Microsoft 365 admin center, follow these steps:

1. Sign in to the Microsoft 365 admin center with your admin account.
2. Go to the "Admin centers" section and click on "Azure Active Directory".
3. On the Azure AD page, click on "Create a tenant".
4. Follow the prompts to create your Azure AD tenant.

Alternatively, you can also create an Azure AD tenant directly from the Azure portal, which is a separate service.
Looking for help overcoming my confusion about the pieces and parts involved in getting all of these machines to become fully managed.
I do have the ability to deploy scripts to the machines through Ninja, and all of these machines have the Ninja agent activated.
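The script-based, no-user-interaction route the post refers to only works for machines that already have an Entra ID (Azure AD) or hybrid identity, because MDM auto-enrollment binds the device to the tenant through that identity. The following is an added example, not code from the original post or from Microsoft or NinjaOne: it is the kind of script an RMM agent could push to each machine. It assumes it runs as SYSTEM or a local administrator, that MDM auto-enrollment (Intune MDM user scope) is already turned on in the Entra tenant, and that Windows 10/11 is in use. It reads the join state from `dsregcmd /status`, and if the device is joined it writes the same registry values the "Enable automatic MDM enrollment using default Azure AD credentials" Group Policy sets and runs `deviceenroller.exe`. If the device has only local accounts, it reports that this path is not available and points at the bulk-enrollment provisioning-package alternative instead of trying and failing silently.

```powershell
# Added example (not from the original post): check a machine's Entra ID / AD join state
# and, if it is already joined, trigger MDM auto-enrollment into Intune without a user logging in.
# Assumptions: runs as SYSTEM or local admin (e.g. pushed by an RMM agent), Windows 10/11,
# and MDM auto-enrollment (Intune MDM user scope) is already configured in the Entra tenant.

function Get-DsregValue {
    param([string[]]$StatusText, [string]$Name)
    # dsregcmd lines look like "   AzureAdJoined : YES"; return the value after the colon.
    $line = $StatusText | Where-Object { $_ -match "^\s*$Name\s*:" } | Select-Object -First 1
    if ($null -eq $line) { return $null }
    return ($line -split ':', 2)[1].Trim()
}

# dsregcmd /status is the authoritative view of the device's identity and MDM state.
$status        = dsregcmd /status
$azureAdJoined = Get-DsregValue -StatusText $status -Name 'AzureAdJoined'
$domainJoined  = Get-DsregValue -StatusText $status -Name 'DomainJoined'
$mdmUrl        = Get-DsregValue -StatusText $status -Name 'MdmUrl'

if ($mdmUrl) {
    # MdmUrl is populated once the device is enrolled in an MDM.
    Write-Output "Already MDM-enrolled (MdmUrl = $mdmUrl); nothing to do."
    exit 0
}

if ($azureAdJoined -ne 'YES' -and $domainJoined -ne 'YES') {
    # A machine with only local accounts has no Entra identity for Intune to bind to,
    # so deviceenroller.exe cannot enroll it. The no-touch alternative for such machines is a
    # bulk-enrollment provisioning package built with Windows Configuration Designer, applied with:
    #   Install-ProvisioningPackage -PackagePath C:\path\to\package.ppkg -QuietInstall -ForceInstall
    Write-Warning 'Device is neither Entra ID joined nor domain joined; auto-enrollment via deviceenroller.exe is not available.'
    exit 1
}

# These are the registry values the MDM auto-enrollment Group Policy writes.
# UseAADCredentialType: 1 = User Credential (needs a licensed Entra user who has signed in),
#                       2 = Device Credential.
$mdmKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MDM'
New-Item -Path $mdmKey -Force | Out-Null
New-ItemProperty -Path $mdmKey -Name 'AutoEnrollMDM'        -Value 1 -PropertyType DWord -Force | Out-Null
New-ItemProperty -Path $mdmKey -Name 'UseAADCredentialType' -Value 1 -PropertyType DWord -Force | Out-Null

# Start enrollment now instead of waiting for the scheduled task the policy would create.
$enroller = Join-Path $env:windir 'System32\deviceenroller.exe'
$proc = Start-Process -FilePath $enroller -ArgumentList '/c', '/AutoEnrollMDM' -Wait -PassThru -NoNewWindow
Write-Output "deviceenroller.exe exited with code $($proc.ExitCode)"

# Verify: after a successful enrollment dsregcmd reports an MdmUrl.
$after = dsregcmd /status
Write-Output ('MdmUrl after enrollment attempt: ' + (Get-DsregValue -StatusText $after -Name 'MdmUrl'))
```

Run it once from the RMM as SYSTEM and collect the output; a non-zero exit with the warning tells you which machines still need an identity (Entra join or hybrid join, or a provisioning package) before Intune can manage them, which is the gap between the two enrollment schemes the post describes.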