Forum Discussion
Intune enrollment creates new Azure AD object
RNalivaika launch dsregcmd /status on one of the clients and take a look for the PRT (primary refresh token). Also, are you scoping users for auto enrollment? As soon as you HAADJ devices and use the WPJ options for the intune enrollment, this issue may happen. We encountered the same.
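A quick way to do the check Henrixx describes on a pilot machine, added here as an example and not code from the thread: it parses the `dsregcmd /status` output into a hashtable and flags the combination the post warns about, a hybrid-joined device that also carries a workplace-join (WPJ) registration for the user, which is what shows up as a second Azure AD object. The field names other than the AzureAdPrt* lines quoted below (AzureAdJoined, DomainJoined, WorkplaceJoined, MdmUrl) are assumed from standard dsregcmd output.

```powershell
# Added example: parse 'dsregcmd /status' and flag the HAADJ + WPJ combination.
# Field names other than the AzureAdPrt* lines are assumed from standard dsregcmd output.
function Get-DsregStatus {
    param([string[]]$Lines = (dsregcmd /status))
    $state = @{}
    foreach ($line in $Lines) {
        # Value lines look like "    AzureAdJoined : YES"; banners and headers have no "name : value" shape
        if ($line -match '^\s*(\S+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-EnrollmentState {
    param([hashtable]$State)
    $findings = @()
    if ($State['AzureAdJoined'] -eq 'YES' -and $State['DomainJoined'] -eq 'YES') {
        $findings += 'Device is hybrid Azure AD joined (HAADJ).'
    }
    if ($State['AzureAdPrt'] -ne 'YES') {
        $findings += 'AzureAdPrt is not YES: the signed-in user has no primary refresh token; check MDM user scope membership and connectivity to login.microsoftonline.com.'
    }
    if ($State['WorkplaceJoined'] -eq 'YES' -and $State['AzureAdJoined'] -eq 'YES') {
        $findings += 'WorkplaceJoined is YES on a joined device: a separate work-or-school (WPJ) registration exists and appears as a second Azure AD object; rely on auto-enrollment of the joined device instead of the WPJ path.'
    }
    if (-not $State['MdmUrl']) {
        $findings += 'MdmUrl is empty: device-level MDM enrollment has not completed, so auto-enrollment (GPO or device sync + MDM user scope) is not taking effect.'
    }
    return $findings
}

# Run on the client; each finding is one line of output
Test-EnrollmentState -State (Get-DsregStatus)
```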
- RNalivaika Aug 03, 2021 Iron Contributor
Henrixx do you mean this PRT?
AzureAdPrt : YES
AzureAdPrtUpdateTime : 2021-08-03 18:25:21.000 UTC
AzureAdPrtExpiryTime : 2021-08-17 18:25:30.000 UTC
AzureAdPrtAuthority : https://login.microsoftonline.com/f4b9822c-3c52-41ba-85d0-c9fc9ef75aa9
EnterprisePrt : NO
We use MDM user scope with a group containing the pilot users who use the machines we want to enroll.
- Henrixx Aug 04, 2021 Copper Contributor
Thanks, so you got the PRT - that's good.
Next, lets check some additional questions:
- How do you perform the HAADJ? Manually or using a GPO?
- If a GPO is used, are you using MDM (Device Credentials or User Credentials)?
- I guess you are using mail as UPN?
- If you check Intune, do you see these devices as corp enrolled or personal enrolled?
- What OS are you on? Especially the PCs you use for the pilot?
- RNalivaika Aug 04, 2021 Iron Contributor
Henrixx thanks for following up. Devices are HAAD joined using Azure AD Connect device sync.
Yes, UPN used for login to O365 is the same as primary SMTP.
In Intune, these devices first appear as personal; I change them to corporate owned. This is probably because pilot users enrolled them using logon to work or school.
We are on Windows 10 20H2 and 21H1. BR - Ruslan