Forum Discussion
Show_me_the_docs
Nov 10, 2023 Copper Contributor
Intune in a hybrid AD environment, joining computers only to cloud.
Currently in the planning and testing phase of deploying intune to our facility. Some quick pertinent facts: Hybrid AD manufacturing 300ish users, 20 remote users included Split win10 and win11 ...
H3nk13T
Brass Contributor
https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/what-is-cloud-sync
ChatGPT has flaws...
H3nk13T
Nov 14, 2023 Brass Contributor
But maybe it can help:
ChatGPT
It looks like you've provided detailed information about the current state of a test device in your environment. From the information you've shared, the device is currently domain-joined but not Azure AD-joined. Here are some observations and recommendations:
AD Configuration Test Failure [0x80070002]: The AD Configuration Test has failed with error code 0x80070002. This error typically indicates that the device couldn't find the required information to complete the Azure AD registration. Make sure that the device can reach the Azure AD endpoints and that there are no network or DNS issues.
AzureAdJoined and EnterpriseJoined are both NO: This indicates that the device is not Azure AD-joined or Hybrid Azure AD-joined. For Autopilot and Intune to work seamlessly, you'll want the devices to be Azure AD-joined.
WorkplaceJoined is YES: This indicates that the device is Workplace Joined. Workplace Join is a deprecated feature, and Azure AD Join is the recommended approach. If you are planning to move towards a modern management approach with Autopilot and Intune, it's advisable to transition to Azure AD Join.
NgcSet is NO: NGC (Next Generation Credentials) set to NO indicates that Windows Hello for Business might not be set up on the device. This could be a consideration if you plan to use features like Windows Hello for Business in your deployment.
Diagnostic Data: The AD Configuration Test failure and error code 0x80070002 need to be investigated further. Ensure that the device can communicate with Azure AD, and check for any network or DNS issues that might be preventing a successful Azure AD registration.
IE Proxy Config and WinHttp Default Proxy Config: Ensure that proxy configurations are not causing issues with Azure AD communication. In some cases, proxy settings might interfere with the Azure AD registration process.
Fallback to Sync-Join is ENABLED: This is configured to allow devices to fall back to traditional AD join if Azure AD join is not successful. While this can be a temporary measure, ideally, you'd want devices to successfully Azure AD join for a modern management approach.
Link for Diagnostics Reference: The link provided in the diagnostic data can be visited for more information on specific error codes and troubleshooting steps.
In summary, to prepare your environment for Autopilot and Intune in a hybrid AD scenario, focus on resolving the Azure AD Configuration Test failure, transition from Workplace Join to Azure AD Join, and ensure that NGC and other prerequisites are met for a smooth deployment. Investigate the network connectivity and DNS resolution to Azure AD endpoints. Regularly check Microsoft's official documentation for the latest information and best practices in deploying Intune and Autopilot.
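The fields discussed in the reply above can be read straight from `dsregcmd /status` output. The script below is an added example, not part of any poster's message: the sample text is constructed from the values quoted in the thread, and the `DomainJoined` line and both function names are assumptions.

```powershell
# Added example: parse `dsregcmd /status` text and summarise the join state.
# $sample is constructed to mirror the values quoted in the thread. On a real
# device use:  $text = (dsregcmd /status) -join "`n"
$sample = @'
| Device State |
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
| User State |
                    NgcSet : NO
           WorkplaceJoined : YES
| Diagnostic Data |
     AD Configuration Test : FAIL [0x80070002]
     Fallback to Sync-Join : ENABLED
'@

function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string]$Text)
    $fields = @{}
    foreach ($line in $Text -split "`r?`n") {
        # Field lines look like "  Name : Value"; banner lines start with + or |
        if ($line -match '^\s*([^+|:][^:]*?)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $fields
}

function Get-JoinSummary {
    param([Parameter(Mandatory)][hashtable]$Fields)
    $aad = $Fields['AzureAdJoined'] -eq 'YES'
    $dom = $Fields['DomainJoined'] -eq 'YES'
    # AzureAdJoined + DomainJoined together mean hybrid join
    if ($aad -and $dom) { $state = 'Hybrid Azure AD joined' }
    elseif ($aad)       { $state = 'Azure AD joined' }
    elseif ($dom)       { $state = 'Domain joined only' }
    else                { $state = 'Not joined' }
    [pscustomobject]@{
        JoinState       = $state
        WorkplaceJoined = $Fields['WorkplaceJoined'] -eq 'YES'
        NgcSet          = $Fields['NgcSet'] -eq 'YES'
        FailedTests     = @($Fields.GetEnumerator() |
            Where-Object { $_.Value -like 'FAIL*' } |
            ForEach-Object { "$($_.Key): $($_.Value)" })
    }
}

Get-JoinSummary (ConvertFrom-DsregStatus $sample)
```

For the constructed sample this reports `Domain joined only`, `WorkplaceJoined` true, `NgcSet` false, and one failed test, `AD Configuration Test: FAIL [0x80070002]`.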