Forum Discussion
Hybrid identity and device ownership inconsistency
We're in the process of rolling out Intune. Today we noticed several windows devices didn't show up in Devices in Azure AD under their User. Some windows devices were marked as Azure AD registered for join type, others still have Hybrid Azure Joined. In both cases, Owner is marked N/A
At Intune portal these device show up as managed by Intune with the correct user for enrolled by
Anyone see this? Is this an expected behavior?
Any reason these devices are changing their join type? why would the user owner disappear?
Let me get back to you (old info in MS docs).
*edit*
The first info I attached didn't have the correct information. I will report it to MS.
But this do have the correct info so take a look here and it will explain the behavior:
"Windows 10 devices that are hybrid Azure AD joined don't show up under USER devices. Use the All devices view in the Azure portal"
https://docs.microsoft.com/en-us/azure/active-directory/devices/faq
Also, take a look at this for general information https://docs.microsoft.com/sv-se/azure/active-directory/devices/overview
5 Replies
Hi aghi234
I am working on BitLocker management with Intune policy on hybrid Azure join device. We have on-prem AD that is connected to Azure AD and sync the device using AD connect.
According to MS that hybrid join device doesn't have ownership. But we saw in some situations that the ownership transfer to hybrid dedvice after we click Fix It button when MS Account shared experienced error message popped up.
If this is an expected behavior is there a way to automate the verification rather than ask user to click Fix it button.
We also noticed that the recovery key process tried to backup the key to on-prem AD which sometime created challenge because some user are working remotely and not connected through vpn all the time.
Thanks.
cjsanto
- Could you tell us more about your current environment?
Are your devices joined to an on-prem AD and then hybrid joined? Let me get back to you (old info in MS docs).
*edit*
The first info I attached didn't have the correct information. I will report it to MS.
But this do have the correct info so take a look here and it will explain the behavior:
"Windows 10 devices that are hybrid Azure AD joined don't show up under USER devices. Use the All devices view in the Azure portal"
https://docs.microsoft.com/en-us/azure/active-directory/devices/faq
Also, take a look at this for general information https://docs.microsoft.com/sv-se/azure/active-directory/devices/overview
ChristianBergstromThanks for clarifying! It's still frustrating since the devices show up in Intune but not Azure AD
Thijs Lecomteyes, devices are joined on-prem and then hybrid-joined by pushing a group policy
- If they are on-prem joined.
All of your devices should sync as 'hybrid azure ad joined' in the end.
I assume you have configured AAD connect to enable hybrid azure ad join?
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan
If a device is aad registered, starting from Windows 1803 the registered device should automtically be cleanup and it should Hybrid join. (https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state).
If your devices are not 1803, you might need a manual cleanup
