From Azure AD Registered To Azure AD Joined

SUNIL KUMAR 31 Reputation points
2021-06-16T05:23:57.377+00:00

My organization has 500+ Azure AD registered devices (remote too). Now we want to manage these devices with Intune and want to convert these devices from Azure AD registered to Azure AD joined. What is the best way to do the same?

Azure Role-based access control

Accepted answer
  1. VipulSparsh-MSFT 16,311 Reputation points Microsoft Employee
    2021-06-16T07:57:08.557+00:00

    @SUNIL KUMAR This has been a common movement requirement now. Many other companies are also trying to shift towards a complete Azure AD Joined state.
    However, the move is not very straightforward, and MS has not provided any migration path for the same.

    The device states (Azure AD registered and Azure AD joined) were each meant for a different scenario: Azure AD registered was for personal devices accessing corporate resources, and Azure AD joined was for corporate devices, to utilize more features like SSO and device management.

    There are many ways to achieve this; it all depends on which route would be easier for you.

    1) Azure AD Joined via Autopilot, which needs Intune
    This requires you to fetch the hardware hash from all devices and upload them into Intune, followed by an Autopilot profile targeted to all devices.
    This is an easier way for bulk enrollment and management. Make sure that you clean up the Azure AD registered device entries from the Azure AD portal.

    2) Involve users to perform AAD Join
    If you have a small group who can perform some extra steps to convert their devices from registered to joined, you can disconnect the devices from Settings, Work and school account, followed by deleting the entry from the Azure portal.
    Then go to Settings - Work or school account - Join to Azure AD option.

    The methods depend upon which route you want to choose. Let me know if you have any questions.

    -----------------------------------------------------------------------------------------------------------------

    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

    1 person found this answer helpful.

2 additional answers

  1. RP 6 Reputation points
    2022-06-09T18:49:16.21+00:00

    From Windows PowerShell ISE in Admin mode:
    Run the first line in the PowerShell window to allow scripts to run, Select all

    Set-ExecutionPolicy Unrestricted

    Type the following lines in a new script. The path C:\HWID can be changed to your liking.

    New-Item -Type Directory -Path "C:\HWID"
    Set-Location -Path "C:\HWID"
    $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
    Install-Script -Name Get-WindowsAutoPilotInfo
    Get-WindowsAutoPilotInfo -OutputFile AutoPilotHWID.csv

    Retrieve the file AutopilotHWID.CSV and upload it to Intune: endpoint.microsoft.com > Devices > Enroll Devices > Windows Autopilot Deployment Program > Devices > Import. Allow 30 minutes for the device to be ready.

    1 person found this answer helpful.
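
As an added example (not part of RP's answer and not Microsoft's code), the collection step above can be run with only a process-scoped execution policy, which leaves the machine-wide policy unchanged, and paired with a `dsregcmd /status` check that tells a registered device from a joined one. The function names `Get-JoinState` and `Export-AutopilotHash` and the sample output lines are constructed for illustration.

```powershell
# Added example, not from the thread. Run in an elevated Windows PowerShell session.

# Classify the device from `dsregcmd /status` output lines.
function Get-JoinState {
    param([string[]]$StatusLines = (dsregcmd /status))
    $flags = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(AzureAdJoined|WorkplaceJoined|DomainJoined)\s*:\s*(YES|NO)\s*$') {
            $flags[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    if ($flags['AzureAdJoined'] -and $flags['DomainJoined']) { 'HybridAzureAdJoined' }
    elseif ($flags['AzureAdJoined'])   { 'AzureAdJoined' }
    elseif ($flags['WorkplaceJoined']) { 'AzureAdRegistered' }
    else { 'NotConnected' }
}

# Collect the hardware hash without changing the machine-wide execution policy.
function Export-AutopilotHash {
    param([string]$OutDir = 'C:\HWID')
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $env:Path += ";$env:ProgramFiles\WindowsPowerShell\Scripts"
    Install-Script -Name Get-WindowsAutoPilotInfo -Force
    $csv = Join-Path $OutDir 'AutoPilotHWID.csv'
    Get-WindowsAutoPilotInfo -OutputFile $csv

    # Check the file before uploading it: one row, with a non-empty hash.
    $rows = @(Import-Csv -Path $csv)
    if ($rows.Count -ne 1 -or -not $rows[0].'Hardware Hash') {
        throw "Unexpected content in $csv; do not upload it."
    }
    [pscustomobject]@{
        Serial    = $rows[0].'Device Serial Number'
        JoinState = Get-JoinState
        CsvPath   = $csv
        Sha256    = (Get-FileHash -Path $csv -Algorithm SHA256).Hash
    }
}

# Constructed sample of dsregcmd output for a registered (not joined) device.
$sample = @(
    '             AzureAdJoined : NO',
    '              DomainJoined : NO',
    '           WorkplaceJoined : YES'
)
Get-JoinState -StatusLines $sample

# On a real device: Export-AutopilotHash -OutDir 'C:\HWID'
```

Recording the join state next to each hash gives an inventory of which devices still need their registered entry removed, and the SHA-256 lets you confirm that the file imported into Intune is the one the device produced.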

  2. Tarun Kanti Mondal 1 Reputation point
    2022-05-28T17:26:04.847+00:00

    How do I collect the hardware hash?
    And do I need to collect the hardware hash manually?
