MDMFull vs MDMFullWithAAD

I have two Azure Registered devices (local domain joined).

They are both joined to Intune MDM automatically using the add work/school account.


However, in MDMdiagnostics one is "MDMFull" and the other is "MDMFullWithAAD".

The first receives powershell scripts (though no win32) and the latter does not.

I can't find ANY info on "MDMFull" at all, and I have no idea why they differ? They are both domain and NOT Azure AD joined machines.

My true Azure AD joined machines are MDMDeviceWithAAD.



So apparently, using the "Enroll only in device management" instead of the "CONNECT" button, gives the MDMFull and allows powershell to work on even workspace joined accounts (AD registered only devices).



I think even Microsoft employees don't know anymore.

Is there any way to get users who used the CONNECT button to become MDMFull, so we get Intune Management Extension support?