Issues with Hybrid Azure AD Join During Autopilot Enrollment
Hello Community, I am seeking advice on an issue we’re experiencing with Microsoft Intune and Autopilot in our environment. We have set up an enrollment profile intended to enroll devices as Hybrid Azure AD joined during the Autopilot process. However, we’re encountering a problem where some devices are enrolling as Azure AD joined (cloud-only) instead of Hybrid. Has anyone else experienced this issue? Any suggestions on what might be causing this inconsistency or how to troubleshoot it further would be greatly appreciated!
Windows Servers AAD Hybrid Joined and SCCM ConfigMgr Co-Management MDM Auto-Enrollment
I have doubts about some configurations. Basically, we have: sccm installation with co-management performed via cloud-attach wizard intune pilot group device collection configured default client setting policy allows device registration in azure ad azure ad connect configured for hybrid join mdm user scope configured to all in azure ad mam user scope configured to none users can register devices in azure ad (Users may join devices to Azure AD) business premium licenses usage location configured in the azure ad synced user no conditional access or mfa configured The situation is that both client and server are synchronized in azure ad and are seen as join type "hybrid azure ad joined". In azure ad the clients has as mdm "microsoft configuration manager", the same clients then on intune in the managed column by show "co-managed". Servers on the other hand (windows 2016) are not automatically enrolled in intune and i don't understand why, the are hybrid azure ad joined in azure ad as devices. Other unclear thing, do i have to create the gpo for automatic enrollment in active directory (enable automatic mdm enrollment using default azure ad credentials)? At the moment it is created and linked to the OU containing servers and set as "device credential" (i read in documentation that with sccm or azure virtual desktop it is supported), even if i set in "user credential" anyway it doesn't work. With the gpo applied the scheduled task is created but in the events I get the following error:Auto MDM Enroll: Device Credential (0x1), Failed (Unknown Win32 Error code: 0x8018001c) By doing a dsregcmd /status on the machine everything seems ok. I don't understand what the best practices are regarding this gpo, and where I am going wrong.