What is the correct process for converting a Windows 11 device that is currently Microsoft Defender for Endpoint–joined (MDE-joined) in Intune into a fully Microsoft Entra–joined / Intune-managed (MEM) device? I’m specifically looking for the required steps and any prerequisites to ensure the MEM join succeeds without conflicts from the existing MDE enrollment.
Hi Cuetberg,
A couple of clarifying questions:
- What is the join state of the devices today (on-prem domain join, hybrid-join, or full Entra join)?
- Are the devices managed by anything today (other than MDE)?
- Cuetberg, Jan 15, 2026, Copper Contributor
- The devices are Domain joined.
- Other than GPOs and MDE there is no endpoint management in place.
- Jason_Sandys, Jan 15, 2026, Microsoft
The only supported path to Entra join these devices is to reset the OS or reimage the device. We don't generally recommend doing this for existing devices though and instead recommend hybrid joining them and then using group policy to enroll them into Intune. Once the device is ready for a hardware refresh or some other event necessitates a device reset or reimage, that's the time to run the device through Autopilot and have it become Entra joined (and Intune enrolled).
What's the specific driver for wanting the device(s) Entra joined?
- Cuetberg, Jan 15, 2026, Copper Contributor
I guessed as much.
> What's the specific driver for wanting the device(s) Entra joined?
Device management and taking full advantage of Defender, Purview, Conditional Access, Windows Hello authentication, etc. without relying on the on-premises infrastructure. Windows client managed and configured in one space with Autopilot deployment.
While it need not be specifically Entra join, avoiding extra infrastructure and complexity to facilitate a hybrid solution would be preferable.
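
The join-state question asked earlier in the thread can be answered per device from `dsregcmd /status`. The following is an added example, not part of any post above: the function name `Get-DeviceJoinState` and the sample output are constructed for illustration, and the classification uses only the `AzureAdJoined` and `DomainJoined` fields that `dsregcmd` reports.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` output.
function Get-DeviceJoinState {
    param(
        # Lines of `dsregcmd /status` output; runs the tool locally if omitted.
        [string[]]$StatusText = (dsregcmd.exe /status)
    )
    $state = @{}
    foreach ($line in $StatusText) {
        # Lines look like "   AzureAdJoined : YES"
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|DomainName)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $entra  = $state['AzureAdJoined'] -eq 'YES'
    $domain = $state['DomainJoined']  -eq 'YES'
    $joinType = if ($entra -and $domain) {
        'Hybrid joined'
    } elseif ($entra) {
        'Entra joined'
    } elseif ($domain) {
        'On-premises domain joined'
    } else {
        'Not joined to a domain or Entra ID'
    }
    [pscustomobject]@{
        JoinType      = $joinType
        AzureAdJoined = $entra
        DomainJoined  = $domain
        DomainName    = $state['DomainName']
    }
}

# Constructed sample resembling a domain-joined device before hybrid join.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
'@ -split '\r?\n'

Get-DeviceJoinState -StatusText $sample   # JoinType: On-premises domain joined
Get-DeviceJoinState -StatusText ($sample -replace 'AzureAdJoined : NO', 'AzureAdJoined : YES')   # Hybrid joined
```

Run without `-StatusText` on a real device to read its live state, for example before and after the hybrid join recommended above.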