Forum Discussion
oryxway
Jul 13, 2022, Iron Contributor
Intune Connector
Do we need the Intune Azure Connector installed if we already have an Azure AD connector? This is for a Hybrid environment?
- Jul 13, 2022
That's for joining devices to your Active Directory and Azure AD. Azure AD Connect is for synchronizing users/groups to Azure AD.
Description of the Intune Connector:
"The Intune Connector for your Active Directory creates autopilot-enrolled computers in the on-premises Active Directory domain. The computer that hosts the Intune Connector must have the rights to create the computer objects within the domain."
https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid
oryxway
Jul 13, 2022, Iron Contributor
Again something popped out. So, if we take the route to go Azure AD joined Autopilot deployment, do we still need the Intune Connector? As it is only for Hybrid Azure AD? So, if it is directly joining Azure AD, how will the new devices detect the domain and join in Azure AD?
Jul 13, 2022
No, then you don't need the Intune Connector, and correct: only for hybrid join. New devices will join Azure AD because of the Autopilot profile. There are good how-to videos on YouTube, and Microsoft Learn covers these topics.
- Jul 20, 2022
Dynamic Device Group with the addition of GroupTag (https://vmlabblog.com/2020/03/use-group-tag-to-change-autopilot-deployment-profile/). This way you can label the devices you imported the hardware hashes from, perhaps one group without a GroupTag and one with a Test tag?
You can assign devices manually by creating a group and putting the ID of the device in there (check Autopilot devices for that) and assigning that to the profile. Or dynamic groups of course; in both ways you should see (after assigning groups to the profile) which devices are assigned.
- oryxway390
Jul 20, 2022, Brass Contributor
So, you can create Dynamic User / Device. Which is the best, and in what situation do you create a Dynamic User Group and Dynamic Device Group, and why?
The profiles I was talking about are Deployment profiles. Created:
1. Intune Autopilot Remote - Test
2. Intune Autopilot Remote - Production
When you click on any one of the profiles and go to Assigned Devices, I cannot see any device assigned. Not sure how you assign the devices to this Deployment Profile?
- Jul 20, 2022
Create a Dynamic group which automatically fills with all the devices you uploaded the hardware hash from: https://docs.microsoft.com/en-us/mem/autopilot/enrollment-autopilot#create-an-autopilot-device-group-using-intune. But you said that you created profiles, multiple because?
And the device is open for anyone of your company with an Intune license, whoever enrolls the device is the Primary user by default...
- oryxway
Jul 19, 2022, Iron Contributor
Harm
Do we have to create a user group to assign these devices to users or do we assign it directly to each individual user?
- oryxway
Jul 19, 2022, Iron Contributor
Harm,
I created deployment profiles for Autopilot, and what are the Included Groups and Excluded Groups here? I am kind of confused as the interface is all changed.
Next, I am not able to assign devices to these Windows Autopilot deployment profiles that I created. It looks like there is no way you could assign the imported device here. Has it moved anywhere else?
- Jul 14, 2022
In Endpoint Manager you can create a dynamic group which automatically gets filled with all devices that you register for Autopilot (hardware hash import). That's not an on-prem group, it's an Azure AD group. That group can be used to assign software to and for configuration and deployment profiles.
You mentioned on-prem domain join, you said you want to do Azure only. The device gets enrolled into Azure by Autopilot and is an Endpoint Manager device from that moment.
- oryxway390
Jul 14, 2022, Brass Contributor
Thank you, Harm. That was great info. Now, coming to creating Groups. It says create a device Group in Endpoint Manager. Now, do we have to create a group in our On Prem AD for devices since this is going to be an On Prem domain join of all devices? From what I see how this project is going, they want to have this up and running soon since we need to ship the devices, so I do not foresee that they are going to take the time to plan to do all AZURE AD joined devices. Since that needs a lot of planning.
- Jul 14, 2022
It depends on your contract with them or your reseller; some can upload directly and some will send a CSV file which you can import. Please check if they can install the machines using 'enterprise' images. Enterprise meaning not the version but a clean Windows install without any bloatware.
- oryxway390
Jul 14, 2022, Brass Contributor
Another question in regard to devices being shipped to customers directly. Will Dell or HP send us the hardware hash or will they be able to add it to our Intune portal? How would they do it? Should we provide them access?