Set the Intune MDM Authority using PowerShell

Share This Post

If you have been using Office 365 Mobile Device Management in the past and looking to move to Intune, you might notice that functionality like Enrollment Restrictions and the Enrollment Status Page is grayed out in Intune. This is most likely due to the Intune MDM Authority is set to Office 365 and not Intune.

The MDM Authority can be set to one of the following: Unknown, Intune, SCCM or Office 365. MDM Hybrid (the SCCM option) was retired by Microsoft on September 1st 2019 and if you haven’t migrated have a look at this article.

In order to switch the MDM Authority from Office 365 to Intune the Intune PowerShell Module will be leveraged. Install the module and use the Connect-MSGraph cmdlet to sign-in into the tenant.

Install-Module Microsoft.Graph.Intune -Force -Verbose

Next we need to get the tenant directory ID.

$DirectoryID = (Get-Organization).id

Then we can check what the MDM Authority is set to

Invoke-MSGraphRequest -Url "'$DirectoryID')?`$select=mobiledevicemanagementauthority" -HttpMethod Get | Select mobileDeviceManagementAuthority

If the value returns Office 365 we can change the value to Intune by issuing this final command.

Invoke-MSGraphRequest -Url "$DirectoryID/setMobileDeviceManagementAuthority" -HttpMethod Post

Once the MDM Authority has been set to Intune (can take a little while for the backend to process) the options such as Enrollment Restrictions and the Enrollment Status Page should be visible.

Want To See More?

Azure AD

Access Reviews with On-Premise Groups

In some of my earlier post I have talked about Access Reviews that are part of the Identity Governance tools in Azure AD. One of


Access Reviews: Manage Guest Users

Azure AD’s B2B (Business to Business) functionality allows organizations to invite external users into their organization so that they can collaborate. However, very few of