Configure Autopilot Profile for Hybrid AAD Join Devices managed by Intune

Saad Farooq 46 Reputation points
2023-02-02T07:36:44.0833333+00:00

Hi

We have a case where devices are co-managed with Hybrid AAD join identity, and we plan to disable co-management. This means that the status of the device converts from co-managed to Intune only; however, the identity remains the same, that is, Hybrid AAD Join.

Here is the end goal we want to achieve after removing co-management:

Hybrid AAD Join Identity + Managed by Intune

Does the Autopilot deployment profile for Hybrid AAD join work? If yes, how much time does it take for a device to get prepared? Any estimates and limitations?


3 answers

  1. Rahul Jindal [MVP] 9,126 Reputation points MVP
    2023-02-02T07:42:15.7166667+00:00

    Autopilot with HAADJ does work, but it is not recommended. The backend process of making this work is messy and has a higher chance of resulting in failures. Consider moving to AADJ as pretty much everything can be made to work with it.


  2. Crystal-MSFT 41,766 Reputation points Microsoft Vendor
    2023-02-03T02:00:17.2833333+00:00

    @Saad Farooq, Thanks for posting in Q&A. From your description, I know you want to change co-management to Intune managed.

    To do this, please ensure all the workloads are switched from Configuration Manager to Intune. Then uninstall the Configuration Manager client to make it only Intune managed. Here is a link with more details:

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-intune-setup#option-3-move-from-configuration-manager-to-intune

    If some devices still show as co-managed after waiting some time for them to sync, we can check whether the following registry keys exist on the affected device and remove them:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DeviceManageabilityCSP

    HKLM\software\Microsoft\ccm

    HKLM\software\Microsoft\CCMSETUP

    HKLM\software\Microsoft\SMS

    Meanwhile, for Autopilot Hybrid Azure AD joined, this can also work. If you want to change to this enrollment method, you can follow the steps in the link below to configure.

    https://learn.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid

    As our device is already enrolled, we can set "Convert all targeted devices to Autopilot" to Yes and assign the profile to the device group to register Autopilot devices that are already enrolled. After the configuration is finished, we can reset the device to enroll.

    Hope it can help.


    0 comments No comments
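The registry check described in the answer above, as an added PowerShell example that is not part of the original thread. It assumes an elevated session on a device where the Configuration Manager client has already been uninstalled; the `$BackupDir` parameter and the export-before-remove step are assumptions added here, not steps from the answer.

```powershell
# Added example, not from the thread. Run elevated on an affected device.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Assumption: folder for .reg backups; not named in the thread.
    [string]$BackupDir = "$env:TEMP\CoMgmtKeyBackup"
)

# Registry keys listed in the answer above, in PowerShell drive syntax.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\DeviceManageabilityCSP',
    'HKLM:\software\Microsoft\ccm',
    'HKLM:\software\Microsoft\CCMSETUP',
    'HKLM:\software\Microsoft\SMS'
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$results = foreach ($key in $keys) {
    $exists  = Test-Path -LiteralPath $key
    $removed = $false

    if ($exists -and $PSCmdlet.ShouldProcess($key, 'Export and remove registry key')) {
        # reg.exe expects HKLM\..., not the PowerShell form HKLM:\...
        $regPath = $key -replace '^HKLM:', 'HKLM'
        $backup  = Join-Path $BackupDir ((Split-Path $key -Leaf) + '.reg')
        & reg.exe export $regPath $backup /y | Out-Null

        if ($LASTEXITCODE -ne 0) {
            # Keep the key if it could not be backed up first.
            Write-Warning "Export failed for $key; key left in place."
        } else {
            Remove-Item -LiteralPath $key -Recurse -Force -ErrorAction Stop
            $removed = $true
        }
    }

    # One row per key so the output can be collected across many devices.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Key      = $key
        Existed  = $exists
        Removed  = $removed
    }
}

$results | Format-Table -AutoSize
```

Run with `-WhatIf` to report which keys exist without exporting or removing anything.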

  3. Saad Farooq 46 Reputation points
    2023-02-06T03:07:44.3866667+00:00

    Hi @Crystal-MSFT

    Thanks for sharing the details in a summarized way with reference links. We just need clarity on the below statement from our end:

    "As our device is already enrolled, we can set "Convert all targeted devices to Autopilot" as Yes and assign to the device group to register Autopilot devices that are already enrolled. After the configuration is finished, we can reset the device to enroll."

    Since the devices are already enrolled, after disabling co-management their state will be:

    Managed by: Intune

    Identity: Hybrid AAD Join

    Do we still need to reset the devices, since there are 1000 plus devices? What if the devices remain enrolled and we configure Autopilot for new or wiped devices? Is that workable?