At my workplace we have a mixed AD/AAD environment. We need to deploy a specific configuration profile through Endpoint, which, I've found out, is pending for all of those devices that don't have any UPN associated. All those machines have a "primary user" configured, but for the majority of those older machines (which are also in the AD), no UPN is attached to the device. All our clients are based on Windows 21H1. I managed to get one working by assigning one user to a machine and then logging in with this user. After that the user's UPN was correctly assigned to the machine. On another device I wasn't able to replicate this solution, so it's not clear to me what's wrong. What can I do to be sure to assign the UPN of the primary user to his/her device?
Just in case, if anyone's wondering, I've found a solution, most probably not the best, but it works:

- Create a local Windows admin on the machine without UPN.
- Remove the machine from the domain.
- Log in with the local admin, then Settings -> Accounts -> School & work accounts -> Add account.
- Select the last option, "join to Azure AD domain", and use the primary user's credentials.
- After a while Windows will give an error: the client is already enrolled.
- Don't try again. Add an account again, but this time select "join local AD domain".
- Set the primary user as the main client user.
- Reboot and log in with the primary user's client credentials, making sure you're entering the full address, so with the @part as well, e.g. name.surname@companyAD.com.
- Once logged in, the client should now have a UPN in Intune.
This has been useful to deploy the use of security USB keys on some older clients, so it might be useful to others as well.
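As an added verification step (this script is not part of the original post), the following PowerShell checks the device-side state that the procedure above is trying to reach: the machine must report both DomainJoined and AzureAdJoined in `dsregcmd /status`, and the interactive session must carry a UPN (which is only true when the primary user signed in with the full user@domain address rather than a local account). It assumes it is run in the primary user's own session on the rejoined Windows client; the function names `Get-DsregState` and `Test-HybridJoinReady` are this example's own.

```powershell
# Added example, not from the original post. Run in the primary user's
# session on the rejoined client; no elevation is required for these calls.

function Get-DsregState {
    # dsregcmd /status prints "Key : Value" lines grouped by section.
    # Collect every single- or multi-word key into a hashtable.
    $state = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*([A-Za-z ]+?)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-HybridJoinReady {
    $s  = Get-DsregState
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # whoami /upn writes an error to stderr for local (non-domain) users;
    # treat that as "no UPN" rather than as a script failure.
    $upn = (whoami /upn 2>$null) -join ''
    if ($LASTEXITCODE -ne 0) { $upn = '' }

    [pscustomobject]@{
        DomainJoined  = $s['DomainJoined']      # expected: YES
        AzureAdJoined = $s['AzureAdJoined']     # expected: YES (hybrid join)
        DomainName    = $cs.Domain              # on-prem AD domain, per the rejoin
        LoggedOnUser  = $cs.UserName            # DOMAIN\user of the interactive session
        LoggedOnUpn   = $upn                    # must be non-empty for Intune to record it
        Ready         = ($s['DomainJoined'] -eq 'YES' -and
                         $s['AzureAdJoined'] -eq 'YES' -and
                         -not [string]::IsNullOrWhiteSpace($upn))
    }
}

# Print the summary; Ready = True is the state the procedure aims for.
Test-HybridJoinReady | Format-List
```

If `Ready` is False because `LoggedOnUpn` is empty, the user signed in as a local or SAM-style account; if `AzureAdJoined` is NO, the device is domain-joined but not yet hybrid-registered, and the Intune primary-user/UPN field will stay blank until that registration completes.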