Forum Discussion
Intune registration for existing hybrid Join Windows device
Hello Community,
I am facing a challenge and hoping for your help. I would like to register an existing Windows 10 or Windows 11 device in Microsoft Intune. The device in question is both a Teams Room system and an AVD virtual machine. The device already exists as a device object in on-premises Active Directory (AD) and Azure AD via a hybrid join. SCCM is not present.
My goal is to register and manage the device exclusively in Intune without having a duplicate object structure in Azure AD (once hybrid and once Azure AD only). I have already tried three approaches but have not found an ideal solution so far:
Integration via a "Windows Configuration Designer" deployment package: this method would be my preferred one, but in doing so I create both a hybrid object and an Azure AD only object in Azure AD.
User registration via Intune domain account login: This creates a registered or primary user, which is not ideal for shared devices.
Device registration via GPO: I tried to perform device enrollment via GPO (Computer Configuration > Administrative Templates > Windows Components > MDM > Enable automatic MDM enrollment using default Azure AD credentials). Unfortunately, this only displays an error (0x8018001) in the corresponding task, and no enrollment occurs.
Can you please help me how to integrate a non-personalized Windows device into Intune cleanly and as easily as possible without creating a duplicate Azure AD object structure?
Or maybe the pragmatic solution: May I simply delete the second Azure AD Only entry as described here?
Thanks in advance for your support!
With kind regards
Flo
Your best bet is to enroll it in the "Microsoft Store for Business" and add it under the devices tab. You will need a .csv file with the device hardware hash which you can acquire from these instructions here. Then go to "Intune", devices, enroll devices, and under "Windows Autopilot Deployment Program" click on "Devices". You may have to click "Sync" and give it some time but from there you will be exclusively in Intune. Hope this helps! Let me know if you have any trouble.
- Have you tried using device credential for the MDM enrollment in GPO? It is ideal for AVD multisession and shared devices.
Yes at AVD it works now too. But what do I do with other shared devices like room systems?
Ich habe auch folgenden Registry Wert gesetzt und das Gerät dann via Windows Configuration Designer importiert. Leider hatte ich danach auch wieder zwei Geräte im AAD.
"Sie können verhindern, dass Ihr domänenverbundenes Gerät von Microsoft Entra registriert wird, indem Sie den folgenden Registrierungswert zu HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin hinzufügen: "BlockAADWorkplaceJoin"=dword:00000001."
