Windows 10 Extended Security Updates

rr-4098 2,121 Reputation points
2025-09-24T18:40:43.7333333+00:00

My organization purchased several ESU licenses so our remaining Windows 10 workstations can get updates while we migrate. From what I have read, the license key needs to be updated on the impacted workstations, correct? If so, can this be done via KMS or AD Activation? Also, we are using Intune to manage the devices.


Answer accepted by question author
  1. Oliver Nguyen 1,400 Reputation points
    2025-09-24T19:56:25.2033333+00:00

    Hi rr-4098,

    You are correct that Windows 10 ESU licenses require activation on the affected workstations, but ESU licenses only use MAK (Multiple Activation Key) activation and cannot be activated through KMS or AD Activation.

    ESU Activation Method

    MAK Only - No KMS Support: Windows 10 ESU licenses are exclusively MAK-based and do not support KMS activation. There is no "ESU KMS" option available - Microsoft only provides ESU MAK keys through the Volume Licensing Service Center.

    Intune Deployment Method: Since you're using Intune, you can deploy the ESU MAK keys efficiently using PowerShell scripts. Create a PowerShell script with the ESU MAK and appropriate activation ID, then deploy it through Intune's Scripts or Remediation features.

    Implementation Steps

    Retrieve ESU MAK Keys: Access your ESU MAK keys through the Microsoft 365 admin center under Billing > Your Products > Volume licensing tab > View contracts > View product keys. The MAK keys will be listed along with your contract details.

    Use this PowerShell script template for Intune deployment:

    $ESU_MAK = "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"   # Replace with your ESU MAK
    $ESU_Year = 1 # Set to 1, 2, or 3 based on your license

    # Activation ID for each ESU year
    $ActivationIDs = @{
        1 = "f520e45e-7413-4a34-a497-d2765967d094"
        2 = "1043add5-23b1-4afb-9a0f-64343c8f3f8d"
        3 = "83d49986-add3-41d7-ba33-87c7bfb5c0fb"
    }
    $ActivationID = $ActivationIDs[$ESU_Year]

    # Install the ESU key, then activate it.
    # $env:windir is used because PowerShell does not expand cmd-style %windir%.
    cscript.exe /b "$env:windir\system32\slmgr.vbs" /ipk $ESU_MAK
    cscript.exe /b "$env:windir\system32\slmgr.vbs" /ato $ActivationID

    Intune Deployment Process: Navigate to Devices > Scripts in the Intune portal, create a new PowerShell script deployment with administrative privileges enabled, and assign it to your Windows 10 device groups. Configure the script to run in 64-bit PowerShell with system privileges.

    =================================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
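
The answer mentions Intune's Remediation feature. As an added example (not part of the original answer or Microsoft's own code), here is a detection script that could be paired with the activation script above, so the MAK is only installed on devices where the ESU add-on is not yet licensed. It assumes the same year selector and activation IDs as the answer's template and queries the standard SoftwareLicensingProduct WMI class.

```powershell
# Added example: Intune Remediations detection script (not from the original answer).
# Exit 0 = ESU add-on is licensed; exit 1 = not licensed, run the activation script.

$ESU_Year = 1   # Assumption: same selector as the answer's template (1, 2, or 3)

# Activation IDs copied from the answer above
$ActivationIDs = @{
    1 = "f520e45e-7413-4a34-a497-d2765967d094"
    2 = "1043add5-23b1-4afb-9a0f-64343c8f3f8d"
    3 = "83d49986-add3-41d7-ba33-87c7bfb5c0fb"
}

if (-not $ActivationIDs.ContainsKey($ESU_Year)) {
    Write-Output "Invalid ESU year: $ESU_Year"
    exit 1
}
$ActivationID = $ActivationIDs[$ESU_Year]

try {
    # The ID property of SoftwareLicensingProduct is the activation ID shown by slmgr /dlv
    $product = Get-CimInstance -ClassName SoftwareLicensingProduct `
        -Filter "ID = '$ActivationID'" -ErrorAction Stop
}
catch {
    Write-Output "License query failed: $($_.Exception.Message)"
    exit 1
}

if (-not $product) {
    Write-Output "ESU Year $ESU_Year license entry not present on this device"
    exit 1
}
if (-not $product.PartialProductKey) {
    Write-Output "ESU Year $ESU_Year: no product key installed"
    exit 1
}
if ($product.LicenseStatus -ne 1) {   # 1 = Licensed
    Write-Output "ESU Year $ESU_Year: key installed but LicenseStatus is $($product.LicenseStatus)"
    exit 1
}

# Only the last five characters of the key are exposed by this property
Write-Output "ESU Year $ESU_Year licensed (key ending $($product.PartialProductKey))"
exit 0
```

The same query can be run after the activation script to confirm that `/ato` succeeded, since `cscript.exe /b` suppresses slmgr's on-screen result.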
