By Jack Poehlman | Service Engineer on the Enterprise Mobility and Customer Experience Team
NOTE - Preview of this feature is now live. Docs on how to use the feature are here: https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid.
We recently released a new feature in preview: hybrid Azure AD joined devices using Intune and Windows Autopilot – something that we know customers are excited to try! We do want to make you aware of a known issue in reporting. First on the Overview landing page for the device configuration profile, after your users or devices have completed Autopilot, the Profile type - Domain Join (Preview) will show as “Not Applicable” for all devices (and users) regardless of the status of the device that completes Autopilot and domain joins via the profile. Here’s an example of what you will likely see on the overview of the new domain join profile after devices successfully complete the Autopilot enrollment process:
Second, the other related monitor pages (Devices status, User status, & Per-setting status) will show a similar “Not Applicable” result. We are working to improve this reporting in the future. For now, we’re releasing this in preview while we continue to finalize the details on reporting.
A few other things to keep in mind – reminders I learned from my own testing. You will need to assign the Domain Join (Preview) profile type to an Azure AD group containing the Autopilot devices you wish to domain join. You can directly assign Autopilot devices to a group or to a Dynamic Azure AD group with attributes unique to Autopilot devices. Here’s a few dynamic group Autopilot property operator values examples for different grouping scenarios:
- If you want to create a group that includes all of your Autopilot devices, type (device.devicePhysicalIDs -any _ -contains "[ZTDId]")
- If you want to create a group that includes all of your Autopilot devices with a specific order ID, type: (device.devicePhysicalIds -any _ -eq "[OrderID]:179887111881")
- If you want to create a group that includes all of your Autopilot devices with a specific Purchase Order ID, type: (device.devicePhysicalIds -any _ -eq "[PurchaseOrderId]:76222342342")
Remember, too, this feature will only work with the latest release of Windows 10, October 2018 update, Version 1809 and later. You can see preview documentation here: https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid.
If you are interested in testing this on a Virtual machine, build the Windows machine and complete OOBE, then use the guidance in Michael Niehaus’s blog to use the WindowsAutoPilotIntune script to collect a hardware hash and upload it to Autopilot via Intune. Once the VM is added to Autopilot and you configure Intune to deploy hybrid Azure AD joined devices using Intune and Windows Autopilot, use the Windows setting on the VM to “Reset this PC” and chose the “Remove Everything” option. The virtual machine will complete the reset process and enter OOBE and the Autopilot experience.
Happy testing!