Issues with Windows 11 Autopilot Hybrid Joined Since last Week

Hi biggingerdazza​ , error 80004005/800004005 at the point where the Autopilot profile downloads but ODJ never starts usually means the Hybrid Join “offline domain join blob” can’t be generated/returned. Since this started suddenly around Dec 4, I’d check two things that have impacted multiple tenants recently:

1. Intune Connector for Active Directory (ODJ connector)

• In Intune: Devices > Enrollment > Windows > Intune Connector for Active Directory (bottom page)
• If it shows Error/Inactive, and/or you’re still on the legacy connector, Hybrid Autopilot ODJ will stop working.
• Fix: uninstall the old connector and install the latest MSA-based connector, then sign in during setup with a properly privileged Intune admin account that also has an Intune license (new requirement).

2. Firewall/network allowlisting changes (Azure Front Door)

• Microsoft announced Intune endpoint changes starting on/after Dec 2, 2025 (Azure Front Door IPs). If your firewall is strict, enrollment/ODJ calls can fail even though things worked for months. Verify outbound allowlisting per the Intune guidance. Support tip: Upcoming Microsoft Intune network changes | Microsoft Community Hub

If you confirm:

• Connector status (Active vs Error) + connector version
• Whether you have strict outbound filtering
  …we can narrow it down quickly, but in most “stopped on Dec 4” cases it’s the connector upgrade and/or new Intune network endpoints.