Microsoft Technical Takeoff: Windows and Microsoft Intune
Oct 24 2022 07:00 AM - Oct 27 2022 12:00 PM (PDT)

Hybrid AAD Domain Join configuration profile (%SERIAL%)

Occasional Contributor

Good morning,


Looking to confirm my findings to solidify that this is not old information and is still accurate in 2022.


The following article clearly defines in the chart that Hybrid AD Join devices are ONLY compatible with Prefix (Fixed String) names and NOT compatible with the %SERIAL% option that AAD Joined devices ARE.  At the bottom of this article it then touches on the OMA-URI custom policies where it implies that %SERIAL% can be used for Hybrid Autopilot deployments.


Based on my research, this is not possible.  Is this correct?


I have read articles that reference custom policy OMA-URI settings to achieve this, but have also read that by doing so will cause the device to lose its trust with the domain which prevents the user from logging in.


The only option as I understand it would be to push a Win32 App via device targeted for device ESP process OR a PowerShell script post Autopilot.  Do you agree with this?





2 Replies
best response confirmed by CrimsoWarTusk (Occasional Contributor)

Hi @CrimsoWarTusk,


For hybrid devices you are very limited and you have only a prefix option, as described in the official Microsoft docs


For an azure joined devices autopilot profile you are able to set the %serial% or %random:xx% option. 

my advice in your case is to switch to an azure joined autopilot profile because there are very limited use cases why you should create an hybrid devices.


And you can also take a look at my blog post for incrementing your autopilot naming convention


hopefully this helps you.


kind regards,



Thank you very much for taking a few minutes to reply as it is greatly appreciated. I will read through your article as well as this has been very helpful. Thank you :o)