aaitbendra
Copper Contributor
Jun 17, 2024

Issues with Hybrid Azure AD Join During Autopilot Enrollment

Hello Community,

I am seeking advice on an issue we’re experiencing with Microsoft Intune and Autopilot in our environment. We have set up an enrollment profile intended to enroll devices as Hybrid Azure AD joined during the Autopilot process. However, we’re encountering a problem where some devices are enrolling as Azure AD joined (cloud-only) instead of Hybrid.

Has anyone else experienced this issue? Any suggestions on what might be causing this inconsistency or how to troubleshoot it further would be greatly appreciated!

  • NicklasOlsen
    Iron Contributor
    Hello aaitbendra

    This sounds interesting 🙂
    Have you noticed anything different when it's enrolling as cloud-only and not hybrid?
  • leonpolman
    Copper Contributor
    It might take a while for the device to be recognized as a hybrid joined device because the process of making the device hybrid is done after the Autopilot enrolment. The hybrid connection is created after the device has connected to the domain controller, and is synced by the AD Connect sync cycle.

    Are you sure that the organisational unit where the devices will get added is being synced to Azure using the AD Connect tool?

    Microsoft also does not recommend using hybrid Autopilot (anymore); see the "important note" on this Learn page: https://learn.microsoft.com/en-us/autopilot/windows-autopilot-hybrid
    • aaitbendra
      Copper Contributor
      Yes, the OU is synced to Azure. The issue is intermittent. Occasionally, a device is created in the Domain Controller and enrolled in Intune as a Microsoft Entra joined device. In these cases, I delete the Microsoft Entra joined device object using PowerShell and then run a delta sync to ensure the device is enrolled as a Microsoft Entra hybrid joined device in Intune.

      Other times, the device is just cloud-only without any object in the Domain Controller, and the device name does not follow the pattern I have configured in Intune.
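
To confirm on the device itself which join state it ended up in (hybrid, cloud-only, or domain joined with the hybrid step still pending), the following added example, which is not from any participant in this thread, parses the text of `dsregcmd /status`. The function name `Get-JoinState` and the sample input are constructed for illustration.

```powershell
# Added example: classify join state from `dsregcmd /status` output.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param(
        [Parameter(Mandatory)]
        [string[]]$StatusLines   # lines produced by: dsregcmd /status
    )

    # Collect "Key : Value" pairs; dsregcmd indents keys with spaces and
    # prints section banners that contain no colon, so they are skipped.
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    # A missing key compares as $false, so partial output is handled.
    $entra  = $state['AzureAdJoined'] -eq 'YES'
    $domain = $state['DomainJoined']  -eq 'YES'

    $join = if ($entra -and $domain) {
        'Microsoft Entra hybrid joined'
    } elseif ($entra) {
        'Microsoft Entra joined (cloud-only)'
    } elseif ($domain) {
        'Domain joined only'
    } else {
        'Not joined'
    }

    [pscustomobject]@{
        JoinState  = $join
        DomainName = $state['DomainName']
        TenantName = $state['TenantName']
    }
}

# Constructed sample (not captured from a real device): a cloud-only result.
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                TenantName : Contoso
'@ -split '\r?\n'

Get-JoinState -StatusLines $sample
# On a live device: Get-JoinState -StatusLines (dsregcmd /status)
```

A "Domain joined only" result matches the window described above, where the computer object exists in the domain but the AD Connect sync cycle has not yet completed the hybrid registration.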
