Create CNAME Records for Intune Windows Autopilot

  • Purpose of CNAME Record for Intune Windows Autopilot
  • Create CNAME Record for Intune Autoenrollment
  • Create CNAME Record for Azure AD Registration
  • Validate CNAME for the Domain in Intune

Purpose of CNAME Record for Intune Windows Autopilot

  • CNAME records are DNS records that map an alias name to a canonical (true) domain name. They are also used to verify that you own the domain you specify.
  • In Intune, Android, iOS, iPadOS and macOS devices do not require a CNAME record because they use the Company Portal application to connect to the MDM server. Windows devices require the CNAME records to point them automatically to the company’s MDM server; otherwise users will be prompted to manually enter the path to connect to the server, which is “enrollment.manage.microsoft.com”.
  • Adding the CNAME records helps Windows devices automatically discover and connect to the MDM server during device enrollment.

Create CNAME Record for Intune Autoenrollment

To create the CNAME record for device enrollment, navigate to your domain hosting platform and create this CNAME DNS record:

Host Name: EnterpriseEnrollment.your_domain_name.com (or .org, .gov)

DNS Record Type:  CNAME

Redirect To/Point To: EnterpriseEnrollment-s.manage.microsoft.com 

Time To Live (TTL): 1 hour                                                                                             

Create CNAME Record for Azure AD Registration

  • If you plan to use Conditional access policies to manage Windows devices in Intune, then it is important to create another CNAME record for device registration in Azure Active Directory (Azure AD).
  • To create the CNAME record for device registration in Azure AD, navigate to your domain hosting platform and create this CNAME DNS record:

Host Name: EnterpriseRegistration.your_domain_name.com (or .org, .gov)

DNS Record Type:  CNAME

Redirect To/Point To: EnterpriseRegistration.windows.net 

Time To Live (TTL): 1 hour              

Validate CNAME for the Domain in Intune

  • After creating the CNAME records, wait for about 72 hours for the DNS to propagate the changes that have been made. 
  • You can use online DNS propagation tools such as MxToolbox.com and DNSchecker.com to check the status of your DNS propagation.
  • After DNS propagation has completed, navigate to Intune Admin Portal > Devices > Windows > Windows Enrollment > CNAME Validation. In the Domain area, enter your domain (here, “skoanowtechnologies.com”) and click “Test”. If you see “CNAME for skoanowtechnologies.com has been configured correctly”, then you have completed the CNAME validation process.
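
The portal test can be complemented by a DNS lookup that confirms each record points exactly at the target listed above and nowhere else. The script below is an added example, not part of the original page; the function name `Test-IntuneCname` and the domain `example.com` are placeholders chosen for illustration.

```powershell
# Added example: compare the two CNAME records against the targets given on this page.
function Test-IntuneCname {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [string] $Server   # optional: query one specific DNS server
    )

    # Host label -> expected target, as listed in the two record definitions above.
    $expected = [ordered]@{
        'EnterpriseEnrollment'   = 'EnterpriseEnrollment-s.manage.microsoft.com'
        'EnterpriseRegistration' = 'EnterpriseRegistration.windows.net'
    }

    foreach ($label in $expected.Keys) {
        $name  = "$label.$Domain"
        $query = @{ Name = $name; Type = 'CNAME'; DnsOnly = $true; ErrorAction = 'Stop' }
        if ($Server) { $query.Server = $Server }

        $target = $null; $ttl = $null; $status = 'Missing'
        try {
            # Keep only the CNAME owned by the queried name; a reply can also carry
            # SOA records (no CNAME exists) or further links in the alias chain.
            $record = Resolve-DnsName @query |
                Where-Object { $_.Type -eq 'CNAME' -and $_.Name -eq $name } |
                Select-Object -First 1
            if ($record) {
                $target = $record.NameHost.TrimEnd('.')
                $ttl    = $record.TTL
                # -eq on strings is case-insensitive, which matches DNS name comparison.
                $status = if ($target -eq $expected[$label]) { 'OK' } else { 'WrongTarget' }
            }
        }
        catch {
            $status = "LookupFailed: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            Name = $name; Expected = $expected[$label]
            Actual = $target; TTL = $ttl; Status = $status
        }
    }
}

# Placeholder domain; replace with your own.
Test-IntuneCname -Domain 'example.com' | Format-Table -AutoSize
```

A `WrongTarget` result means Windows enrollment discovery for the domain is being pointed somewhere other than the Microsoft endpoint and should be corrected at the DNS host before devices are enrolled.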