Windows. Cloud. Management. Your questions answered.
Wednesday, Nov 29, 2023, 07:30 AM PST
If you are stuck in your journey to the cloud -- or have questions about the ins and outs of Windows Autopilot, Microsoft Entra Join (formerly Azure AD Join), policy management -- come ask the expert...
Char_Cheesman
Updated Dec 27, 2024
Dylangould
Nov 29, 2023
Brass Contributor
When testing using Autopilot for Hybrid devices I am seeing two device entries get created in Entra ID for the one device. How do we properly maintain those? Only one of them is managed by Intune and the other one is not, but the entries are linked together in a backend way. So if you have any device-based groups it's hard to know which entry to add to the group, since you can't see which one is managed on the Member Add screen inside Intune.
Also it seems to make some features like wiping a device more complicated, as you have to do other steps than just click wipe in Intune and it re-enrolls itself with no issues...
Hung_Dang
Microsoft
Nov 29, 2023
That's correct that there are two Entra ID device objects at the end of Autopilot into Hybrid. The first object is the one for device registration into Autopilot in the first place. The intent is that that device object is joined to specific groups before the device is deployed, and then the policies assigned to the group are applied during deployment. The second object is created that reflects the device object in AD (primarily for authentication purposes). That second object should be joined to the same groups as the first object, and so the policies still apply. In general, if you change groups for the device AFTER deployment, the best practice is to move BOTH device objects, since that device could be reset at any time, at which time the first object takes effect (and this assumes you want the new group's policies to apply even after reset).
Hope this helps, Dylan! -- Hung
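
As an added example (not part of the original thread and not Microsoft's own tooling), the script below keeps the two Entra ID objects of one hybrid Autopilot device in the same assigned groups, so group-targeted policy does not drift after a reset. It assumes the Microsoft Graph PowerShell SDK is installed and that you already know both Entra object IDs; the parameter names and the helper `Get-AssignedGroup` are hypothetical.

```powershell
[CmdletBinding(SupportsShouldProcess)]
param(
    # Entra *object* IDs (not device IDs) of the two entries for one physical device.
    [Parameter(Mandatory)][string]$AutopilotObjectId,
    [Parameter(Mandatory)][string]$HybridObjectId
)

Connect-MgGraph -Scopes 'Device.Read.All', 'GroupMember.ReadWrite.All'

# Return @{ groupId = displayName } for the groups a device object is a direct
# member of. Dynamic groups are skipped: their membership is rule-driven and
# cannot be changed by adding members manually.
function Get-AssignedGroup {
    param([string]$ObjectId)
    $groups = @{}
    foreach ($m in Get-MgDeviceMemberOf -DeviceId $ObjectId -All) {
        $p = $m.AdditionalProperties
        if ($p['@odata.type'] -ne '#microsoft.graph.group') { continue }
        if ($p['groupTypes'] -contains 'DynamicMembership') { continue }
        $groups[$m.Id] = $p['displayName']
    }
    return $groups
}

$autopilotGroups = Get-AssignedGroup -ObjectId $AutopilotObjectId
$hybridGroups    = Get-AssignedGroup -ObjectId $HybridObjectId

# Compare in both directions and add whichever object is missing from a group.
$passes = @(
    @{ From = $autopilotGroups; To = $hybridGroups;    Target = $HybridObjectId },
    @{ From = $hybridGroups;    To = $autopilotGroups; Target = $AutopilotObjectId }
)
foreach ($pass in $passes) {
    foreach ($groupId in $pass.From.Keys) {
        if ($pass.To.ContainsKey($groupId)) { continue }
        $name = $pass.From[$groupId]
        if ($PSCmdlet.ShouldProcess($pass.Target, "Add to group '$name'")) {
            New-MgGroupMember -GroupId $groupId -DirectoryObjectId $pass.Target
        }
    }
}
```

Run it with `-WhatIf` first to list the memberships that differ between the two objects without changing anything.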