Trouble converting hybrid joined devices to Intune only

%3CLINGO-SUB%20id%3D%22lingo-sub-2350155%22%20slang%3D%22en-US%22%3ETrouble%20converting%20hybrid%20joined%20devices%20to%20Intune%20only%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2350155%22%20slang%3D%22en-US%22%3E%3CP%3EI%20will%20probably%20explain%20this%20poorly%20and%20will%20ask%20your%20forgiveness%20in%20advance.%20We%20have%20a%20hybrid%20AD%20environment.%20All%20new%20Windows%2010%20devices%20are%20Intune%20only.%20We%20have%20no%20issue%20with%20Auto-Pilot%20or%20management%20of%20these%20devices.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOur%20existing%20AD%2FSCCM%20devices%20are%20listed%20in%20Intune%20as%20co-managed%2C%20corporate.%20We%20manage%20these%20using%20only%20AD%20and%20SCCM.%20We%20desire%20to%20make%20the%20devices%20Intune%20only.%20Basically%2C%20a%20wipe%20and%20re-do.%20I%20have%20tried%20creating%20a%20device%20group%20in%20Intune%20and%20adding%20test%20devices.%20The%20test%20group%20is%20a%20member%20of%20a%20Windows%20Auto-Pilot%20Deployment%20profile%20that%20is%20set%20to%20Convert%20all%20target%20devices%20to%20Auto-Pilot.%20The%20test%20devices%20do%20show%20up%20in%20the%20assigned%20devices%20list.%20We%20then%20try%20to%20wipe%20the%20devices.%20Auto-Pilot%20always%20fails%20at%20%22Registering%20your%20device%20for%20mobile%20management%20(3%2C%200x801c03f3)%22.%26nbsp%3B%20%26nbsp%3BIf%20we%20delete%20existing%20devices%20from%20AD%2C%20SCCM%2C%20Azure%20and%20Intune%3B%20then%20import%20the%20hashes%20again%20all%20is%20good.%20Auto-Pilot%20works%20perfectly.%20This%20approach%20is%20way%20to%20time%20consuming%20for%201%2C000%20devices.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20Intune%20newbie%20would%20greatly%20appreciate%20any%20suggestions%20or%20pointers.%20I%20would%20love%20to%20know%20what%20we%20are%20doing%20wrong.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2350155%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2356737%22%20slang%3D%22en-US%22%3ERe%3A%20Trouble%20converting%20hybrid%20joined%20devices%20to%20Intune%20only%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2356737%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20Just%20to%20be%20100%25%20sure.%20DO%20you%20have%20multiple%20autopilot%20profiles%20%3F%20Or%20did%20you%20delete%20the%20existing%20autpilot%20profile%3F%20Because%20you%20can't%20change%20the%20setting%20from%20join%20devices%20as%20azure%20ad%20joined%20to%20hybrid.%20Or%20did%20you%20create%20a%20new%20autopilot%20profile%20and%20assigned%20it%20to%20the%20group%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2362972%22%20slang%3D%22en-US%22%3ERe%3A%20Trouble%20converting%20hybrid%20joined%20devices%20to%20Intune%20only%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2362972%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F620702%22%20target%3D%22_blank%22%3E%40Rudy_Ooms%3C%2FA%3E%26nbsp%3BGood%20evening.%20No%2C%20there%20are%20no%20existing%20deployment%20profiles%20for%20our%20hybrid%20joined%20devices.%20Our%20existing%20AD%2FSCCM%20machines%20were%20never%20auto-piloted.%20They%20are%20hybrid%20joined%2C%20but%20not%20enrolled%20in%20Intune.%20The%20join%20type%20in%20the%20new%20deployment%20profile%20is%20%22Azure%20AD%20joined%22.%20We%20no%20longer%20want%20the%20devices%20in%20AD.%26nbsp%3B%20We%20did%20create%20a%20device%20group%20in%20Azure%20for%20these%20devices%20and%20did%20add%20the%20group%20to%20the%20deployment%20profile.%20The%20devices%20do%20enroll%20and%20show%20as%20assigned%20for%20that%20profile.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20all%20that%20said%2C%20I%20have%20been%20researching.%20We%20use%20self-deploy%20for%20these%20devices.%20That%20might%20be%20the%20issue%20or%20part%20of%20the%20issue.%20What%20are%20your%20thoughts%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20for%20your%20time%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2366980%22%20slang%3D%22en-US%22%3ERe%3A%20Trouble%20converting%20hybrid%20joined%20devices%20to%20Intune%20only%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2366980%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThat's%20good%20to%20know%20indeed.%26nbsp%3B%20Maybe%20adding%20an%20additional%20autopilot%20profile%20that%20is%20user%20driven%20to%20test%20it%20out%3F%20SO%20you%20are%20sure%20it%20is%20or%20is%20not%20the%20self-deploying%20profile%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnything%20usefull%20in%20the%20logs%20when%20you%20press%20shift%2Bf10%20to%20get%20a%20system%20cmd%20%E2%80%9CMDMDiagnosticsTool.exe%20-area%20Autopilot%3BTPM%20-cab%20c%3A%5Cautopilot.cab%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20how%20long%20does%20it%20takes%20before%20it%20fails%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2388792%22%20slang%3D%22en-US%22%3ERe%3A%20Trouble%20converting%20hybrid%20joined%20devices%20to%20Intune%20only%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2388792%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F620702%22%20target%3D%22_blank%22%3E%40Rudy_Ooms%3C%2FA%3E%20sorry%20it%20has%20taken%20a%20few%20days%20to%20reply.%20I%20am%20not%20getting%20e-mail%20notifications.%20We%20have%20decided%20to%20just%20let%20AD%2FSCCM%20devices%20age%20out%20over%20the%20next%20two%20years%20instead%20of%20converting%20them%20to%20Intune%20only.%20To%20many%20other%20projects.%20Thanks%20again%3C%2FLINGO-BODY%3E
New Contributor

I will probably explain this poorly and will ask your forgiveness in advance. We have a hybrid AD environment. All new Windows 10 devices are Intune only. We have no issue with Auto-Pilot or management of these devices.

 

Our existing AD/SCCM devices are listed in Intune as co-managed, corporate. We manage these using only AD and SCCM. We desire to make the devices Intune only. Basically, a wipe and re-do. I have tried creating a device group in Intune and adding test devices. The test group is a member of a Windows Auto-Pilot Deployment profile that is set to Convert all target devices to Auto-Pilot. The test devices do show up in the assigned devices list. We then try to wipe the devices. Auto-Pilot always fails at "Registering your device for mobile management (3, 0x801c03f3)".   If we delete existing devices from AD, SCCM, Azure and Intune; then import the hashes again all is good. Auto-Pilot works perfectly. This approach is way to time consuming for 1,000 devices.  

 

This Intune newbie would greatly appreciate any suggestions or pointers. I would love to know what we are doing wrong.

 

Thank you

4 Replies

Hi, Just to be 100% sure. DO you have multiple autopilot profiles ? Or did you delete the existing autpilot profile? Because you can't change the setting from join devices as azure ad joined to hybrid. Or did you create a new autopilot profile and assigned it to the group

 

 

@Rudy_Ooms Good evening. No, there are no existing deployment profiles for our hybrid joined devices. Our existing AD/SCCM machines were never auto-piloted. They are hybrid joined, but not enrolled in Intune. The join type in the new deployment profile is "Azure AD joined". We no longer want the devices in AD.  We did create a device group in Azure for these devices and did add the group to the deployment profile. The devices do enroll and show as assigned for that profile.

 

With all that said, I have been researching. We use self-deploy for these devices. That might be the issue or part of the issue. What are your thoughts?

 

Thank you for your time

Hi,

 

That's good to know indeed.  Maybe adding an additional autopilot profile that is user driven to test it out? SO you are sure it is or is not the self-deploying profile

 

Anything usefull in the logs when you press shift+f10 to get a system cmd “MDMDiagnosticsTool.exe -area Autopilot;TPM -cab c:\autopilot.cab

 

And how long does it takes before it fails?

@Rudy_Ooms sorry it has taken a few days to reply. I am not getting e-mail notifications. We have decided to just let AD/SCCM devices age out over the next two years instead of converting them to Intune only. To many other projects. Thanks again