Aug 03 2021 03:37 AM
Hi, we have Azure AD Hybrid joined devices, we want to enroll them to Intune. Upon testing with a subset of devices, we observe that Intune enrolled devices become duplicates with their own/new object ID. Is this by design, or some configuration issue? See sample screenshot below. Ruslan
Aug 03 2021 04:48 AM
@RNalivaika launch dsregcmd /status on one of the clients and take a look for the PRT (primary refresh token). Also, are you scoping users for auto enrollment? As soon as you HAADJ devices and use the WPJ options for the intune enrollment, this issue may happen. We encountered the same.
Aug 03 2021 07:01 AM
Aug 03 2021 11:43 AM
@Henrixx do you mean this PRT?
AzureAdPrt : YES
AzureAdPrtUpdateTime : 2021-08-03 18:25:21.000 UTC
AzureAdPrtExpiryTime : 2021-08-17 18:25:30.000 UTC
AzureAdPrtAuthority : https://login.microsoftonline.com/f4b9822c-3c52-41ba-85d0-c9fc9ef75aa9
EnterprisePrt : NO
We use MDM user scope with a group containing the pilot users who use the machines we want to enroll.
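The check suggested in the reply above (run `dsregcmd /status`, look at the PRT) and the status fragment quoted in this post can be turned into a small script. The following PowerShell is an added example and is not code from the thread or from Microsoft; it parses the `Key : Value` lines that `dsregcmd /status` prints, then reports the hybrid-join state, whether an Azure AD PRT is present and when it expires, whether the user has a separate workplace-joined (WPJ) registration, and whether an MDM URL is set. The function names and the embedded sample output are assumptions constructed for the example (the PRT lines mirror the values quoted in the post); pass `-Live` to run against the real `dsregcmd` on a Windows 10 client.

```powershell
# Added example, not from the thread: summarise dsregcmd /status for the
# enrollment questions discussed above. Requires Windows 10 with dsregcmd.exe
# when run with -Live; otherwise it uses the constructed sample below.
param([switch]$Live)

function ConvertFrom-DsregStatus {
    # Turn "Key : Value" lines into a hashtable; section headers and blank
    # lines do not match the pattern and are skipped.
    param([string[]]$Lines)
    $status = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*)$') {
            $status[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $status
}

function Test-DsregEnrollmentState {
    # Evaluate the parsed status and return one finding per line.
    param([hashtable]$Status)
    $findings = [System.Collections.Generic.List[string]]::new()

    $aadJoined = $Status['AzureAdJoined'] -eq 'YES'
    $domJoined = $Status['DomainJoined'] -eq 'YES'
    if ($aadJoined -and $domJoined) {
        $findings.Add('Device is hybrid Azure AD joined (AzureAdJoined=YES, DomainJoined=YES)')
    } elseif ($aadJoined) {
        $findings.Add('Device is Azure AD joined but not domain joined (not hybrid)')
    } else {
        $findings.Add('Device is NOT Azure AD joined; hybrid join has not completed')
    }

    if ($Status['AzureAdPrt'] -eq 'YES') {
        # dsregcmd prints timestamps like "2021-08-17 18:25:30.000 UTC"
        $raw = ($Status['AzureAdPrtExpiryTime'] -replace '\s*UTC$', '')
        $expiry = [datetime]::ParseExact($raw, 'yyyy-MM-dd HH:mm:ss.fff',
            [System.Globalization.CultureInfo]::InvariantCulture)
        $findings.Add("Azure AD PRT present, expires $($expiry.ToString('u'))")
    } else {
        $findings.Add('No Azure AD PRT: user token for the device identity is missing')
    }

    if ($Status['WorkplaceJoined'] -eq 'YES') {
        # A user-level "work or school account" registration lives in Azure AD
        # as its own registered device object, separate from the hybrid join.
        $findings.Add('User has a workplace-joined (registered) account: check Azure AD for a second device object')
    }

    if ([string]::IsNullOrWhiteSpace($Status['MdmUrl'])) {
        $findings.Add('MdmUrl is empty: device is not MDM enrolled')
    } else {
        $findings.Add("MDM enrolled against $($Status['MdmUrl'])")
    }
    return $findings
}

if ($Live) {
    $lines = & dsregcmd.exe /status
} else {
    # Constructed sample (assumption), shaped like real dsregcmd output.
    $lines = @(
        '+----------------------------------------------------------------------+',
        '| Device State                                                         |',
        '+----------------------------------------------------------------------+',
        '             AzureAdJoined : YES',
        '          EnterpriseJoined : NO',
        '              DomainJoined : YES',
        '+----------------------------------------------------------------------+',
        '| Tenant Details                                                       |',
        '+----------------------------------------------------------------------+',
        '                    MdmUrl : ',
        '+----------------------------------------------------------------------+',
        '| User State                                                           |',
        '+----------------------------------------------------------------------+',
        '                AzureAdPrt : YES',
        '      AzureAdPrtUpdateTime : 2021-08-03 18:25:21.000 UTC',
        '      AzureAdPrtExpiryTime : 2021-08-17 18:25:30.000 UTC',
        '             EnterprisePrt : NO',
        '           WorkplaceJoined : YES'
    )
}

$parsed = ConvertFrom-DsregStatus -Lines $lines
Test-DsregEnrollmentState -Status $parsed | ForEach-Object { Write-Output "- $_" }
```

For the constructed sample the script reports a hybrid-joined device with a valid PRT, an empty `MdmUrl`, and `WorkplaceJoined : YES`, which is the combination to look for when a device shows up twice in Azure AD: one object from Azure AD Connect device sync and one created by the user's "work or school account" registration.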
Aug 03 2021 11:49 AM
Aug 04 2021 01:04 AM
Aug 04 2021 06:32 AM
@Henrixx thanks for following up. Devices are HAAD joined using Azure AD Connect device sync.
Yes, UPN used for login to O365 is the same as primary SMTP.
In intune, these devices first appear as personal, I change them to corporate owned. This is probably because pilot users enrolled them using logon to work or school.
We are on Windows 10 20H2 and 21H1. BR- Ruslan
Aug 04 2021 12:37 PM
Dec 01 2021 07:35 AM
Dec 06 2021 05:11 AM
I never got that resolved, so still using sccm instead of intune...