Currently a client is using the Multiple forests: account-resource forest AD Connect topology. When AD Connect was set up, the Alternate ID was set to use the mail attribute as the UPN in Azure AD. So the user's on-prem UPN is user@domainA.com and in Azure AD it is user@domainB.com.
I am trying to set up Hybrid AD Joined devices to auto-enroll in Intune using GPO.
The issue I am coming across is that when they log onto the Hybrid AD Joined device they are using the account with the on-prem UPN which doesn't match the UPN in Azure AD.
dsregcmd /status is showing
SSO State: AzureADPrt: No
So the device isn't able to enroll in Intune because the users' UPNs do not match.
Has anyone come across this before and found a solution?
I thought of using Azure AD Alternate login, but Hybrid AD Joined devices are not supported.