01-31-2019 12:57 AM - edited 02-01-2019 07:53 AM
Hi folks,
I'm trying to implement Intune.
My first steps were iOS & Android, which I have just finished.
Now it's time for Win10 devices:
BYOD devices with a work or school account are no problem; they appear as expected in the Intune console.
At the moment I'm trying to connect our Windows 10 devices, which are already Hybrid Azure AD joined (joined to our on-prem domain).
I don't know how to achieve this. Would you please help me out with this?
I already tried to set the GPO (Auto MDM Enrollment with AAD Token) on a local Win10 client, but this doesn't do anything.
Is that the right approach? (Or what should I do? Do I need the Intune connector? Do I need Autopilot for this first step, when deployment of the OS is done manually, not by Autopilot?)
Thank you very much :)
Patrick.
01-31-2019 06:39 PM
Are you certain that Hybrid Azure AD join is configured correctly? Configuring Hybrid Azure AD join in Azure AD Connect and setting the GPO are all that you need (plus assigning EMS / Intune licenses). Once these are configured, you should see devices register pretty quickly.
Docs here:
02-01-2019 03:45 AM - edited 02-01-2019 05:47 AM
Hi Aaron
I've already read this MS doc. Yesterday I found out a few things with dsregcmd and got the first machines working.
My current problem seems to be an SCCM topic.
Let me describe the current situation and the goal:
Currently:
1. We don't manage mobile devices (iOS & Android) yet.
2. We manage Win10 Devices (okay, most of them are mobile, too ;) by SCCM. (Enrolling the operating system, install a few software products)
Objective:
1. We want to manage our clients (iOS, Android & Win10) with Intune in AAD.
2. We also want to keep using SCCM in future for the "first enrollment". (On-site SCCM training for my colleague is pending; it starts at the end of February.)
What I've done so far:
1. I learned quite a few interesting things about Intune in combination with iOS & Android, so we are able to manage them. Currently we're in a test phase and want to go into a pilot phase with a few more users/devices.
2. I enrolled some Win10 test clients into the Intune console with the GPO setting.
When these clients already had the SCCM agent installed at the time they were enrolled in Intune, they appear in Intune as "managed by: MDM/ConfigMgr".
The problem is that they won't get the policies and configurations I configured in Intune.
Because I'm not experienced in using SCCM yet, I don't know how to go on.
Do I need the "co-management" feature within SCCM to achieve this objective?
(The devices already appear in Intune, as I mentioned before.)
The goal should be:
- Managing all mobile devices (iOS, Android & Win10) in Intune
- Installing the basics of our desktop devices with on-prem SCCM (installing the OS on workstations, installing some basic software packages).
I hope my English is understandable so far :D
I would be happy if you (or anyone else) can help me a little bit.
Thank you very much!
Patrick
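An added example, not part of the original thread or of Microsoft's documentation: a PowerShell check that reads the `dsregcmd /status` fields relevant to the question above (is the device really hybrid joined, and does the tenant hand out an MDM enrollment URL). The function names are hypothetical and the sample output is constructed, with placeholder tenant values; on a Windows client the script uses the live `dsregcmd` output instead.

```powershell
# Constructed sample of `dsregcmd /status` output (placeholder values).
$sample = @'
             AzureAdJoined : YES
              DomainJoined : YES
                DomainName : CONTOSO
                TenantName : Example Tenant
                    MdmUrl :
                AzureAdPrt : YES
'@ -split '\r?\n'

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Lines look like "  Name : value"; match only the first " : "
        # because values such as URLs contain colons themselves.
        if ($line -match '^\s*(\w+)\s+:\s*(.*)$') {
            $state[$Matches[1]] = $Matches[2].Trim()
        }
    }
    $state
}

function Test-HybridMdmReadiness {
    param([hashtable]$State)
    $findings = @()
    if ($State['DomainJoined'] -ne 'YES') {
        $findings += 'DomainJoined is not YES: device is not joined to the on-prem domain.'
    }
    if ($State['AzureAdJoined'] -ne 'YES') {
        $findings += 'AzureAdJoined is not YES: hybrid join has not completed for this device.'
    }
    if ($State['AzureAdPrt'] -ne 'YES') {
        $findings += 'AzureAdPrt is not YES: the signed-in user has no Azure AD token for enrollment.'
    }
    if ([string]::IsNullOrWhiteSpace($State['MdmUrl'])) {
        $findings += 'MdmUrl is empty: check the MDM user scope and the Intune license of the user.'
    }
    [pscustomobject]@{ Ready = ($findings.Count -eq 0); Findings = $findings }
}

# Use live output on a Windows client, otherwise the constructed sample.
$lines = if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) { dsregcmd.exe /status } else { $sample }
$result = Test-HybridMdmReadiness -State (ConvertFrom-DsregStatus -Lines $lines)
"Ready for GPO auto-enrollment: $($result.Ready)"
$result.Findings
```

With the constructed sample the only finding is the empty `MdmUrl`, the case where the GPO is applied but enrollment never starts.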
02-01-2019 07:00 AM
Hi,
If you want to get the policies and configurations from Intune you need to enable co-management and adjust the slider to set the authority. GPO will take precedence over MDM policy from Intune.
02-01-2019 07:39 AM
02-01-2019 08:35 AM
Yes. You need to provide a global admin account.
03-15-2019 10:57 AM - edited 03-15-2019 10:59 AM
I have a similar situation, although we do not have SCCM on premises. Devices have been Hybrid AD joined and auto MDM enrolled through GPO but show up as Managed by MDM/ConfigMgr Agent. We do not have Configuration Manager on premises. How do I force MDM only?
Device Action status
USERNAME Windows PC is being co-managed between Intune and Configuration Manager. Configuration Manager agent state is shown below, if the state is anything other than “Healthy” there are a few steps that help with this.
04-17-2019 03:11 AM
Hi
I have this same problem.
But I have the SCCM co-management configuration set.
Co-management
The configuration is set to device collections.
I removed my test device from this collection and tried to register it in Intune as being managed only by MDM.
Unfortunately, it still appears as MDM / ConfigMgr.
The MDM policy is set.
How can I change the device authority to MDM, leaving other devices managed by co-management?
04-17-2019 11:01 PM
07-10-2019 04:09 AM
I successfully set up Hybrid AD join and co-management for some pilot devices. Management is still controlled by ConfigMgr.
In the Azure console, however, I see that the ConfigMgr agent state is reported as "could not connect". (See attached screenshot.) Remote restart does work (with some delay), so there seems to be a connection. Can anyone point me in the right direction on how to troubleshoot this?
07-16-2019 05:02 AM
@nielsvd It seems to me that the communication with the portal is done through the extension (Intune Management Extension - I do not remember the name) installed when connecting the device to Intune MDM.
I would check whether the SCCM agent on the device is working correctly, possibly reinstalling the agent. In addition, I would check the SCCM versions and Windows 10 versions. Not all versions work together.
Sometimes, after uninstalling the SCCM agent, garbage remains in the registry. Intune then treats the device as co-managed, but in reality the device does not have the SCCM agent.