Forum Discussion
Intune Hybrid AD Join computer
Hi oryxway! You're only mentioning the Intune side of things here, so just to ensure the basics are covered (taking your other post into consideration):
- Your hybrid AAD is all set up and working, as documented in https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-hybrid-azure-ad-join?
- The environment is configured for hybrid AADJ enrollment, as documented in https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid?
Neil,
Thanks for your response. As of now:
1. We have set up the Intune Connectors for Hybrid Azure AD Join.
2. Network firewall ports/URLs are all open as per the document.
3. Have set up the OU in AD, delegated control, and added the Intune Connector servers to that OU.
4. Have the domain join policy created in Intune and applied to the device group.
I am not sure whether it is the service account that is missing here, which would need to be added to the ODJConnector, as it is currently using the SYSTEM account.
We do have some conditional access policies in place, and I am not sure whether something needs to be added to those policies so that these (remote) machines, which are trying to join not from our company network but from home, are covered. I am wondering whether that is one more step that needs to be done?
One more point I wanted to add, as per your link:
As of now, under the Mobility (MDM and MAM) > Configure section,
the MDM user scope is set to None. I would not want to set this to All (as we want to do it in groups and test it), so I want to enable "Some" and add the group. I am wondering whether this will be the USER group of the users who are going to be enrolled (AAD or Hybrid AAD)? So I think this was probably one of the reasons why the user's machine was spinning after the user tried to log in with company credentials and nothing happened.
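The checklist in this thread (hybrid join completed, PRT available, MDM auto-enrollment resolved) can be verified from the client side with the built-in `dsregcmd /status` output. The script below is an added example written for this thread, not code from either poster or from Microsoft; it assumes `dsregcmd.exe` is present (Windows 10/11) and that it is run in an elevated PowerShell session in the context of the signed-in domain user, since the PRT line is only reported for a user context.

```powershell
# Added example, not code from the thread: parse `dsregcmd /status` on a
# Windows client and report the join/enrollment state the thread's checklist
# depends on. Assumes dsregcmd.exe (Windows 10/11) and an elevated prompt
# opened as the signed-in domain user.

function Get-DsregStatus {
    # dsregcmd prints "Key : Value" lines under boxed section headers;
    # only single-word keys are kept so the section borders are ignored.
    $status = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

function Test-HybridJoinReadiness {
    param([hashtable]$Status = (Get-DsregStatus))

    # Each check maps a dsregcmd field to the value a hybrid-joined,
    # enrollment-ready device should show.
    $checks = [ordered]@{
        'DomainJoined  = YES (on-prem AD join)'                   = ($Status['DomainJoined']  -eq 'YES')
        'AzureAdJoined = YES (hybrid Azure AD join completed)'    = ($Status['AzureAdJoined'] -eq 'YES')
        'AzureAdPrt    = YES (user holds a primary refresh token)' = ($Status['AzureAdPrt'] -eq 'YES')
        'TenantId present    (device resolved its tenant)'        = -not [string]::IsNullOrWhiteSpace($Status['TenantId'])
        'MdmUrl present      (MDM auto-enrollment resolved)'      = -not [string]::IsNullOrWhiteSpace($Status['MdmUrl'])
    }

    $allOk = $true
    foreach ($entry in $checks.GetEnumerator()) {
        if ($entry.Value) { $mark = 'OK  ' } else { $mark = 'FAIL'; $allOk = $false }
        Write-Host ("[{0}] {1}" -f $mark, $entry.Key)
    }
    return $allOk
}

# Run the checks; a non-zero exit code surfaces a failed prerequisite to
# whatever script runner or RMM tool invoked this.
if (-not (Test-HybridJoinReadiness)) { exit 1 }
```

A device that shows `DomainJoined = YES` but `AzureAdJoined = NO` has not finished the hybrid join itself, so Intune enrollment cannot start regardless of the Intune-side settings; in that case the Diagnostic Data section of the same `dsregcmd /status` output carries the error phase and code for the join attempt. Note that this is purely a client-side view: the connector-side prerequisites in the checklist (OU delegation to the connector servers' computer accounts, open firewall URLs) are not visible from here. On the MDM user scope question, the group selected under "Some" is a group of users, not devices; auto-enrollment is evaluated for the signing-in user, so the device only enrolls when that user is in the scoped group.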