Forum Discussion

oryxway
Iron Contributor
Aug 05, 2022

Intune Hybrid AD Join computer

Trying to log in with the company email credentials to a LAPTOP for Hybrid Azure AD Join, and it keeps spinning and does not proceed any further. I am not sure what is happening. The computer was factory reset. Is there something I am missing, or is it not authenticating? I do not see that device in the AD OU.
Intune Connector servers are installed with Intune Connector. So, is there any other configuration that needs to be done?
Hardware Hash has been imported and users assigned to the device. Profile is assigned.
Is there something I am missing, like some URL that needs to be opened up for authentication through the Intune Connector?

  • Hi oryxway! You're only mentioning the Intune side of things here, so just to ensure the basics are covered (taking your other post into consideration):
      oryxway
      Iron Contributor

      Neil,

      Thanks for your response. As of now

      1. We have set up the Intune Connectors for Hybrid Azure AD Join.
      2. Network firewall ports/URLs are all open as per the document.
      3. Have set up the OU in AD, delegated control, and added the Intune Connector servers to that OU.
      4. Have the domain join policy created in Intune and applied to the device group.

      I am not sure whether it is the service account that is being missed here, to be added to the ODJConnector, as it is currently using the SYSTEM account.

      We do have some conditional policies in place, and I am not sure whether something needs to be added to them for these (remote) machines, which are trying to join from home rather than from our company network. I am wondering whether that is one more step that needs to be done.
      One more point I wanted to add, as per your link:

      https://techcommunity.microsoft.com/t5/intune-customer-success/end-user-experience-deploy-hybrid-azure-ad-joined-devices-by/ba-p/1133748
      As of now under Mobility (MDM and MAM) Configure section
      The MDM User scope is set to None. I would not want to set this to All (as we want to do it in groups and test it), so I want to enable "Some" and add the group. I am wondering whether this will be the USER group who are going to be enrolled (AAD or Hybrid AAD)? So, I think this was probably one of the reasons why the user's machine was spinning after the user tried to log in with company credentials and nothing happened.
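
A client-side check for the join and enrollment state discussed in this thread, added here as an example and not code from either poster: it parses the output of the built-in `dsregcmd /status` and reports the fields that tell apart a failed offline domain join (connector/OU side), a failed Azure AD registration, and a device that never received MDM enrollment settings (the MDM user scope point above). The sample output embedded at the end is constructed for illustration; the field names and the interpretation of an empty `MdmUrl` as "no MDM enrollment settings picked up" are my assumptions.

```powershell
# Added example, not part of the original thread. Parses 'dsregcmd /status'
# into a hashtable and summarises the fields relevant to Hybrid Azure AD Join.
function Get-DsregStatus {
    param([string[]]$Lines = (& dsregcmd.exe /status))
    $status = @{}
    foreach ($line in $Lines) {
        # Lines of interest look like "   AzureAdJoined : YES"
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*)$') {
            $status[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $status
}

function Test-HybridJoinState {
    param([hashtable]$Status)
    $findings = @()
    if ($Status['DomainJoined'] -ne 'YES') {
        $findings += 'Not domain joined: the offline domain join from the Intune Connector has not been applied (check the connector OU delegation and that the connector service is running).'
    }
    if ($Status['AzureAdJoined'] -ne 'YES') {
        $findings += 'Not Azure AD joined: device registration has not completed; check the Autopilot profile assignment and the firewall/URL allow list.'
    }
    if ([string]::IsNullOrWhiteSpace($Status['MdmUrl'])) {
        $findings += 'MdmUrl is empty: no MDM enrollment settings were picked up; check the MDM user scope under Mobility (MDM and MAM) and that the user is in the scoped group.'
    }
    if ($Status['AzureAdPrt'] -ne 'YES') {
        $findings += 'No Primary Refresh Token: the user has not completed Azure AD sign-in on this device (a Conditional Access policy can block this).'
    }
    if ($findings.Count -eq 0) {
        $findings += 'Domain joined, Azure AD joined, MdmUrl present and PRT issued: hybrid join looks healthy.'
    }
    return $findings
}

# Constructed sample: offline domain join applied, but MDM scope still None and no PRT.
# On a live machine call Get-DsregStatus with no arguments instead.
$sample = @(
    '  AzureAdJoined : YES',
    '  EnterpriseJoined : NO',
    '  DomainJoined : YES',
    '  DomainName : CONTOSO',
    '  TenantName : Contoso',
    '  MdmUrl : ',
    '  AzureAdPrt : NO'
)
Test-HybridJoinState -Status (Get-DsregStatus -Lines $sample)
```

Run it in the user's session on the affected laptop (a support session or a local admin logon works once the device reaches a desktop); the `AzureAdPrt` field is only meaningful for the signed-in user.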