AzureAD
8 Topics

Moving from MDT/WDS to Autopilot – Real-World Lessons, Wins & Gotchas

Hi all,

We’ve been moving away from an ageing WDS + MDT setup and over to Windows Autopilot, and I thought I’d share a few key lessons and experiences from the journey, in case anyone else is working through the same transition (...or about to).

Why the change? MDT was becoming unreliable, drivers/apps would randomly fail to install, WDS is on the way out, and we needed a more remote-friendly approach. We also wanted to simplify things for our small IT team and shift from Hybrid Azure AD Join to Azure AD Join only.

We’re doing this as a phased rollout. I harvested existing device hashes using a script from a central server, and manually added machines that weren’t online at the time (most of which were just unused spares; we haven't introduced new hardware yet). If you want a copy of this auto-harvest, please see my next post; this script is useful as it'll just go off and import the hardware hashes into Intune, and can run against multiple computers at a time. (I will add the link to the post once made.)

Some of the biggest hurdles:
• 0x80070002 / 0x80070643 errors (typically due to incomplete registration or app deployment failures)
• Enrollment Status Page (ESP) hangs due to app targeting issues (user vs device) and BitLocker config conflicts
• Wi-Fi setup with RADIUS (NPS) was complex: Enterprise Certificates, and we're still using internal AD for authentication, so user accounts exist there and sync over to Azure.
• Legacy GPOs had to be rebuilt manually in Intune, lots of trial and error
• Some software (like SolidWorks) wouldn’t install silently via Intune, so I used NinjaOne to handle these, along with remediation scripts in Intune where needed

We also moved from WSUS to Windows Autopatch, which improved update reliability and even helped with driver delivery via Windows Update.

What’s gone well: Device provisioning is more consistent, updates are more reliable, build time per machine has dropped, and remote users get systems faster. It’s also reduced our reliance on legacy infrastructure.

What I’m still working on: Tightening up compliance and reporting, improving detection/remediation coverage, figuring out new errors that may occur, and automating as many manual processes as possible.

Ask me anything or share your own experience! I’m happy to help anyone dealing with similar issues or just curious about the move. Feel free to reply here or message me. Always happy to trade lessons learned, especially if you’re in the middle of an Autopilot project yourself.

Cheers,
Timothy Jeens

Converting Azure Registered device into hybrid azure ad joined
Dear All,

We are in the process of planning Conditional Access to manage devices. So far devices only sync to Azure AD and the status is showing Azure AD registered. How can we convert those Azure AD registered devices into Hybrid Azure AD joined? What will happen on the user end if we enable Hybrid Azure AD join from AAD Connect?

Thank you all in advance.

Two Ways To Enable Hybrid AAD Join Mode For A Controlled Deployment
[New #blogpost] Bit of an interesting take on how to perform a controlled Hybrid AAD Join deployment and make the workstations ready for #intune and #mem depending on the OU selection in the Azure AD Connect Sync tool.

https://shehanperera.com/2022/02/26/hybridaadjoin-methods/

#azuread #modernwork #moderndevices #hybrid #microsoft365

Company Portal doesn't show me Apps, Intune is not installing configuration files
Hello,

We set up Intune recently, and I did a few set-ups before in previous companies. After the basic steps, now I want to use the Company Portal on my BYOD:
* App installation, good
* Profile installation, good
* Also the branding from the company portal is appearing.
* But no apps are appearing, and no configuration files are installed.

I set my BYOD into a group in Azure AD and set this group to the apps as "available", and for the configuration files, as required. I did manually trigger the sync, but nothing. The device appears in the group, and under Troubleshooting and support I can see my user, my device, and the apps which are assigned to me as a user, or for my Mac.

Any hints here?

How to block the Outlook desktop app while allowing users to use Outlook on the Web (OWA)
I want to block users' access to Outlook from the Outlook desktop application but let them access Outlook from Outlook on the web (OWA) to improve security. Does anyone know how to achieve this? Thanks in advance. [Solved]

AzureAD joined device via PPKG didn't enroll in Intune
I followed the instructions at https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-bulk-enroll to enroll my device in Azure AD using a package on a USB key. I do not have on-prem AD. The device successfully enrolled in Azure AD, but did not enroll in Intune. I can see it in Azure AD under devices as "Azure AD joined" with no MDM listed. It doesn't show up under Intune devices. I had to manually go into the device's computer configuration and enable automatic enrollment to MDM. After doing this, the device enrolled into Intune and now shows up. What did I do wrong? Why was this not already set, since I followed the bulk enrollment instructions?

Couldn't enroll Windows 8.1 device in Intune
I want to enroll my Windows 8.1 device in Intune, but I get the error below after I click the Join button:

{Confirm you are using correct sign-in info, and that your workplace uses this feature. Also, the connection to your workplace might not be working right now. Please wait and try again.}

Does anyone know something about it? Thanks in advance.

Native apps SSO on mobile
Howdy,

How are you implementing SSO with native apps on iOS and Android for an Azure AD only environment? VMware and others have a KDC built in to the IdP to enable native app SSO. Would I need to configure Domain Services on my tenant, enable Kerberos and then configure an SSO profile for iOS? What's your take on this? [Solved]
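The hardware-hash harvest mentioned in the "Moving from MDT/WDS to Autopilot" post above (collecting hashes from many machines at once from a central server) can be done with a short PowerShell fan-out over WinRM. The script below is an added example, not the poster's own script and not Microsoft's Get-WindowsAutopilotInfo; it assumes WinRM access to the targets as a local administrator (the MDM bridge WMI provider refuses non-elevated callers), and the input list name computers.txt, the output file name and the group tag are placeholders.

```powershell
# Added example (not the original poster's script): harvest Windows Autopilot hardware
# hashes from a list of reachable, domain-joined PCs over WinRM and write them to a CSV
# in the layout the Intune admin center "Import" dialog accepts:
#   Device Serial Number,Windows Product ID,Hardware Hash,Group Tag
# Assumptions: run from an admin workstation with WinRM access to every target, as an
# account that is a local administrator on them; file names below are placeholders.

[CmdletBinding()]
param(
    [string]$ComputerListPath = '.\computers.txt',        # one hostname per line (placeholder)
    [string]$OutputCsv        = '.\AutopilotHashes.csv',  # placeholder
    [string]$GroupTag         = '',                       # optional Autopilot group tag
    [int]$ThrottleLimit       = 16                        # parallel WinRM sessions
)

$computers = Get-Content -Path $ComputerListPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ }

# Runs on each target. The hash lives in the MDM bridge provider
# (namespace root\cimv2\mdm\dmmap, class MDM_DevDetail_Ext01, property
# DeviceHardwareData); the serial number comes from Win32_BIOS.
$collect = {
    $detail = Get-CimInstance -Namespace 'root\cimv2\mdm\dmmap' `
        -ClassName 'MDM_DevDetail_Ext01' `
        -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
    $bios = Get-CimInstance -ClassName Win32_BIOS
    [pscustomobject]@{
        SerialNumber = $bios.SerialNumber
        HardwareHash = $detail.DeviceHardwareData
    }
}

# Fan out to all hosts at once. Unreachable or access-denied targets become
# non-terminating errors collected in $failures instead of aborting the run,
# which is what you want for a list that includes powered-off spares.
$failures = @()
$raw = Invoke-Command -ComputerName $computers -ScriptBlock $collect `
    -ThrottleLimit $ThrottleLimit -ErrorAction SilentlyContinue -ErrorVariable failures

foreach ($err in $failures) {
    Write-Warning ("Skipped {0}: {1}" -f $err.TargetObject, $err.Exception.Message)
}

# Drop rows whose hash is missing or not valid base64: Intune would reject them,
# and an empty hash usually means the provider was queried without elevation.
$rows = foreach ($r in $raw) {
    $hashOk = $false
    if ($r.HardwareHash) {
        try { [void][Convert]::FromBase64String($r.HardwareHash); $hashOk = $true } catch { }
    }
    if (-not $hashOk) {
        Write-Warning ("No valid hardware hash from {0}; re-collect it elevated" -f $r.PSComputerName)
        continue
    }
    [pscustomobject]@{
        'Device Serial Number' = $r.SerialNumber
        'Windows Product ID'   = ''          # optional column, left blank
        'Hardware Hash'        = $r.HardwareHash
        'Group Tag'            = $GroupTag
    }
}

# The import parser expects plain, unquoted ASCII; a base64 hash and a serial
# number contain no commas, so stripping the quotes ConvertTo-Csv adds is safe.
$rows | ConvertTo-Csv -NoTypeInformation |
    ForEach-Object { $_ -replace '"', '' } |
    Out-File -FilePath $OutputCsv -Encoding ascii

Write-Host ("Wrote {0} of {1} devices to {2}" -f @($rows).Count, @($computers).Count, $OutputCsv)
```

The resulting CSV can be uploaded in the Intune admin center (Devices > Windows > Windows enrollment > Devices > Import) or handed to Import-AutopilotCSV from the WindowsAutopilotIntune PowerShell Gallery module if you want the whole thing unattended. Treat the output file as sensitive: whoever holds a hardware hash can register that device into a tenant.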
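For the "How to block the Outlook desktop app while allowing users to use Outlook on the Web (OWA)" question above, one approach (an added example, not the thread's accepted answer, which is not reproduced on this page) is a Conditional Access policy that targets the Office 365 Exchange Online cloud app and blocks every client app type except "Browser". The example uses the Microsoft.Graph PowerShell module and assumes an account holding Policy.ReadWrite.ConditionalAccess; the pilot group object ID is a placeholder.

```powershell
# Added example: create a report-only Conditional Access policy that blocks Exchange
# Online for mobile/desktop clients and legacy protocols while leaving browser access
# (OWA) untouched. Assumptions: Microsoft.Graph module installed, an account with the
# Policy.ReadWrite.ConditionalAccess scope, and a pilot group whose object ID replaces
# the placeholder below.

Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

$pilotGroupId        = '00000000-0000-0000-0000-000000000000'  # placeholder: your pilot group
$exchangeOnlineAppId = '00000002-0000-0ff1-ce00-000000000000'  # well-known Office 365 Exchange Online app ID

$policy = @{
    displayName = 'Exchange Online: browser (OWA) only - report-only'
    # Start in report-only so the sign-in log shows what WOULD be blocked
    # (Teams calendar, third-party mail clients, Outlook mobile...) before you enforce.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeGroups = @($pilotGroupId) }
        applications   = @{ includeApplications = @($exchangeOnlineAppId) }
        # Everything except 'browser'. Leaving out exchangeActiveSync/other would let
        # legacy-auth clients (IMAP, POP, SMTP AUTH, EAS) bypass the desktop block.
        clientAppTypes = @('mobileAppsAndDesktopClients', 'exchangeActiveSync', 'other')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Host ("Created policy {0} ({1}) in state {2}" -f $created.DisplayName, $created.Id, $created.State)

# Review before enforcing: sign-ins that matched show up in the sign-in log with a
# Report-only result, which is the cheap way to find apps you did not expect to hit.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State, Id
```

Flip state to enabled only after the report-only sign-in results look right. Note that this is an identity-layer control, not a client-side one: it keeps the Outlook desktop app from obtaining tokens for Exchange Online, but the app itself remains installed, and any other client that calls Exchange Online under a non-browser client type is caught by the same rule.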