Hybrid Azure AD Join
Intune Auto Enrollment and Hybrid AAD Join error
I'm working with a customer that has AD domain-joined devices set up to Hybrid Join and auto-enroll into Intune, but the results are very sporadic. The AAD Connect is syncing the users and devices in scope. The users have Intune licenses. The devices appear to be stuck at completing the Hybrid Join (pending), so the Intune enrollment doesn't happen (which is the goal). There are 3 things that keep logging in the Device Management-Enterprise-Diagnostics event log:
Auto MDM Enroll <Dm Raise Toast Notification And Wait>* Failure (Unknown Win32 Error code: 0x8018002a)
"Auto MDM Enroll Get AAD Token: Device Credential (0x0), Resource <>* (https://enrollment.manage.microsoft.com/), Resource <>* 2 (NULL), Status (Unknown Win32 Error code: 0x8018002a)"
Auto MDM Enroll: Device Credential (0x0), Failed (Unknown Win32 Error code: 0x8018002a)
I had them run the following script to test connectivity: https://learn.microsoft.com/en-us/samples/azure-samples/testdeviceregconnectivity/testdeviceregconnectivity/ Both systems they tested completed all checks successfully (1 on-prem and 1 on VPN). Still not completing the Intune enrollment. Has anyone been able to resolve a similar registration/enrollment error? Thanks!

Inability to delete Autopilot devices leads to endless supply of never cleaned up devices in AAD
I realize that the inability to delete Autopilot-enabled devices in Azure AD is by design, but I think I might be missing something. In Microsoft Store for Business, or in Endpoint Manager under Devices > Enroll Devices > Windows Autopilot Devices, I have my true list of unique hardware devices that are registered for Autopilot. I don't want to delete any of these that are not actually decommissioned. The problem I'm seeing, with either regular Autopilot or Hybrid Autopilot, is that since/when devices are getting named with random characters (which for Hybrid Autopilot cannot be changed), I end up with orphaned AAD devices that cannot be deleted from anywhere. I haven't tested, but I believe with regular Autopilot I could take advantage of the ability to always set the same device name. If so, then this issue I'm reporting is only a thing for Hybrid Autopilot. Is there any solution to delete old copies of the same machine? For example, I've reset the device; now it has two instances in AAD which cannot be deleted, but still just one instance in the MS Business Store or under Autopilot Devices in Endpoint Manager. If I again reset the device down the road, I'll have 3, and so on. Any suggestions/clues? Thanks in advance.

Two Ways To Enable Hybrid AAD Join Mode For A Controlled Deployment
[New #BlogPost] Bit of an interesting take on how to perform a controlled Hybrid AAD Join deployment and make the workstations ready for #Intune and #MEM depending on the OU selection in the Azure AD Connect Sync tool. Two Ways To Enable Hybrid AAD Join Mode For A Controlled Deployment – Shehan Perera [techBlog] #AzureAD #ModernWork #ModernDevices #Hybrid #Microsoft365

Hybrid Azure AD Join option missing from Azure AD Connect
https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-hybrid-azure-ad-join#managed-domains I am attempting to follow this document to set up Hybrid Azure AD Join. The version of Azure AD Connect available for download currently is version 2.1.1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=47594). I install Azure AD Connect and attempt to set it up according to the document, but the steps do not match the downloaded version of Azure AD Connect, with the Hybrid Azure AD Join option completely missing. I would appreciate any advice on this. Thanks for taking the time to consider my question 🙂

Do I need to do a domain join to avoid multiple logins?
Hi, We are just starting with Intune and using Autopilot; however, I see by default these new computers do not appear in the local, on-prem Active Directory, so this means when staff rock up at the office, they log in to their laptop but they are not on the domain, so if they try and access a network share or a network app they are prompted to sign in, constantly in some cases! So, my question is this: we have a lot of legacy apps, we can't move fully to Azure just yet, we need staff working in the office on certain software, so do we make these new Autopilot computers hybrid domain-joined devices to get around this network prompt? Also, when we do this, will it rename the computer account? I see it assigns a random 15-character code as the machine name, but it isn't clear if it actually renames the computer itself or just makes this a reference in AD? Any help much appreciated. TIA Stuart

Hybrid Join skip AD connectivity check
Hi, With this new option "Skip AD connectivity check" during deployment to remote machines, will the machine ever attempt to complete the Hybrid Join between AAD and AD on premises? It is a great option for deploying devices to remote workers who do not have line-of-sight access to a DC during initial deployment. Would be great to understand the process behind the Hybrid Join recovery, if there is one. Thanks

Hybrid Azure Join
Hello everyone, we want to use the Hybrid Azure Join. Now my question is, can we use cloud GPOs (CSP/ADMX) AND on-prem GPOs? So for example, can I roll out printers via local GPO and software and OneDrive settings via Intune from the cloud? Unfortunately I can't find any information here, if Google is not my friend today. Best Regards, Phil