Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article can help system administrators sign up for an Intune account. Before you sign up for Intune, determine if your organization already uses Microsoft Entra ID. Entra ID supports work or school accounts that you use with Intune and other Microsoft online services and subscriptions, like Microsoft Azure and Microsoft 365.
To add an Intune subscription to an Entra tenant, you must use an account that is assigned an Entra ID built-in role with sufficient permissions to add Intune. The initial sign-up page identifies the applicable built-in roles, which include Billing Administrator, Compliance Administrator, and Global Administrator.
If you don’t have an Entra tenant, then an Entra tenant is created for your organization when you sign up for an Intune subscription, which is common for trial subscriptions. In this scenario, the account you use to sign up automatically receives the Global Administrator role for the new Entra tenant.
Tip
The Global Administrator built-in role is a privileged Entra ID role, and isn’t recommended for daily use. As described later in this article, you can reduce reliance on this role by assigning a less-privileged role to administrators who manage Intune and perform daily tasks.
Warning
You can't combine an existing work or school account after you sign up for a new account.
Important
On October 15, 2024, Microsoft began enforcement of the Azure sign-in requirement to use multifactor authentication (MFA). When enforced, MFA is required for all users who sign-in to Intune admin center regardless of any roles they have or don’t have. The MFA requirements also apply to services that you access through the admin center, like Windows 365 Cloud PC, and to use of the Microsoft Azure portal and Microsoft Entra admin center. MFA requirements don’t apply to end users who access applications, websites, or services hosted on Azure where those users don’t sign-in to the admin center.
The requirement to sign-in using MFA applies to all Intune subscriptions, including Plan 1 subscriptions with or without add-ons, and free trial subscriptions. The prerequisites and process required to configure MFA depend on the MFA method you choose to use for your tenant. Shortly after MFA is enabled for a tenant, subsequent sign-in attempts require the user to complete setup for using the configured MFA solution.
To learn more about the MFA requirement, see Planning for mandatory multifactor authentication for Azure and admin portals in the Microsoft Entra documentation.
In the Microsoft Entra planning article, you’ll find guidance and resources to help you Prepare for multifactor authentication, including methods to configure MFA including but not limited to:
- Conditional Access policies
- The MFA Wizard for Microsoft Entra ID from the Microsoft 365 admin center
- Entra ID security defaults
Role-based access controls
Securing access to your organization is a foundational security step. We recommend immediately after you sign up for Intune, plan to use the Microsoft 365 admin center to assign a user account the Entra ID built-in role Intune Administrator.
Like the Global Administrator, the Intune Administrator is a privileged account. However, the permissions this role includes are applicable only within the scope of Microsoft Intune.
In addition to configuring Intune, an Intune Administrator can use the Intune admin center to assign other user accounts to the specific Intune built-in roles that they require to complete their regular day-to-day administrative tasks. Use of lesser-privileged roles to manage daily tasks follows the principle of least privileged access and reduces risk.
For more information, see Best practices for Microsoft Entra roles, and Role-based access control (RBAC) with Microsoft Intune.
How to sign up for Intune
-
- In a web browser, open the Intune set up account page and solve the puzzle to confirm you're not a robot.
On the Sign-in details page, sign in or sign up to manage a new subscription of Intune.
Post sign up considerations
After you sign up for a new subscription, you receive an email message that contains your account information at the email address that you provided during the sign-up process. This email confirms your subscription is active.
After completing the sign-up process, you're directed to the Microsoft 365 admin center to add users and assign them licenses. If you only have cloud-based accounts using your default onmicrosoft.com ___domain name, then you can go ahead and add users and assign licenses at this point. However, if you plan to use your organization's custom ___domain name or synchronize user account information from on-premises Active Directory, then you can close that browser window.
Sign in to Microsoft Intune
After signing up for Intune, use any device with a supported browser to sign in to the Microsoft Intune admin center to administer the service. Administration of Intune requires your account to have sufficient RBAC permissions within Intune for the tasks you want to manage. Initially, you might use an account that is assigned the Microsoft Entra ID built-in role of Intune Administrator.
The Intune Administrator is a privileged role with global permissions within Microsoft Intune. With this role a user can configure Intune, add users, create groups of users, and assign the members of those groups Intune RBAC roles that provide them less privileged administrative access for daily use.
Microsoft recommends using roles with the least privilege necessary for daily administration, reducing risk if an account is compromised. To learn more about Intune built-in and custom RBAC roles and for guidance about assigning these roles to users, see Use role-based access control with Microsoft Intune.
Intune Admin portal URL
Microsoft Intune admin center: https://intune.microsoft.com
Intune for Education: https://intuneeducation.portal.azure.com
URLs for Intune services provided by Microsoft 365
Microsoft 365 Business: https://portal.microsoft.com/adminportal
Microsoft 365 Mobile Device Management: https://admin.microsoft.com/adminportal/home#/MifoDevices