cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Intune registration for existing hybrid Join Windows device

FloKKIT
Copper Contributor

‎Oct 04 2023 10:04 PM - edited ‎Oct 04 2023 10:37 PM

‎Oct 04 2023 10:04 PM - edited ‎Oct 04 2023 10:37 PM

Intune registration for existing hybrid Join Windows device

Hello Community,

 

I am facing a challenge and hoping for your help. I would like to register an existing Windows 10 or Windows 11 device in Microsoft Intune. The device in question is both a Teams Room system and an AVD virtual machine. The device already exists as a device object in on-premises Active Directory (AD) and Azure AD via a hybrid join. SCCM is not present.

 

My goal is to register and manage the device exclusively in Intune without having a duplicate object structure in Azure AD (once hybrid and once Azure AD only). I have already tried three approaches but have not found an ideal solution so far:

 

Integration via a "Windows Configuration Designer" deployment package: this method would be my preferred one, but in doing so I create both a hybrid object and an Azure AD only object in Azure AD.

 

User registration via Intune domain account login: This creates a registered or primary user, which is not ideal for shared devices.

 

Device registration via GPO: I tried to perform device enrollment via GPO (Computer Configuration > Administrative Templates > Windows Components > MDM > Enable automatic MDM enrollment using default Azure AD credentials). Unfortunately, this only displays an error (0x8018001) in the corresponding task, and no enrollment occurs.

 

Can you please help me how to integrate a non-personalized Windows device into Intune cleanly and as easily as possible without creating a duplicate Azure AD object structure?

Or maybe the pragmatic solution: May I simply delete the second Azure AD Only entry as described here?

https://learn.microsoft.com/en-us/answers/questions/1339674/duplicated-ad-computer-in-the-azure-ad-e...

 

2023-10-05 07_03_19.png

Thanks in advance for your support!

With kind regards

Flo

Labels:
Preview file
24 KB
1,706 Views
0 Likes
3 Replies
Reply
3 Replies
matthewtanner2

‎Oct 04 2023 10:50 PM

‎Oct 04 2023 10:50 PM

Re: Intune registration for existing hybrid Join Windows device

Your best bet is to enroll it in the "Microsoft Store for Business" and add it under the devices tab. You will need a .csv file with the device hardware hash which you can acquire from these instructions here Then go to "Intune", devices, enroll devices, and under "Windows Autopilot Deployment Program" click on "Devices". You may have to click "Sync" and give it some time but from there you will be exclusively in Intune. Hope this helps! Let me know if you have any trouble.

Preview file
15 KB
0 Likes
Reply
rahuljindal-MVP

‎Oct 04 2023 11:15 PM

‎Oct 04 2023 11:15 PM

Re: Intune registration for existing hybrid Join Windows device

Have you tried using device credential for the MDM enrollment in GPO? It is ideal for AVD multisession and shared devices.
0 Likes
Reply
FloKKIT

‎Oct 04 2023 11:39 PM - edited ‎Oct 04 2023 11:47 PM

‎Oct 04 2023 11:39 PM - edited ‎Oct 04 2023 11:47 PM

Re: Intune registration for existing hybrid Join Windows device

Yes at AVD it works now too. But what do I do with other shared devices like room systems?

Ich habe auch folgenden Registry Wert gesetzt und das Gerät dann via Windows Configuration Designer importiert. Leider hatte ich danach auch wieder zwei Geräte im AAD.

https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-join-plan#handling-devices-w...

"Sie können verhindern, dass Ihr domänenverbundenes Gerät von Microsoft Entra registriert wird, indem Sie den folgenden Registrierungswert zu HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin hinzufügen: "BlockAADWorkplaceJoin"=dword:00000001."

0 Likes
Reply