How to properly re-register or re-enroll an Azure AD Joined Windows 11 machine after it is wiped completely by Intune?

Woody Chiu at RASI 226 Reputation points
2023-03-22T14:32:14.5333333+00:00

We are deploying around 145 Lenovo M80q gen1 tiny machines with Windows 11 base images. Lenovo helped us in advance to upload all machine hardware hash values to the list of Windows Autopilot Devices in Intune's "Enroll Devices > Windows Enrollment" section.

For example, we dumped Lenovo's base Windows 11 image to a machine to start with. (Our machines all came with Windows 10 preloaded images and we decided to upgrade them all to Windows 11 base images prior to deploying.) As that machine's hash value is already in our Autopilot device list, the machine was booted up with the Autopilot process and was deployed with our Intune policies with all the configuration profiles, scripts, etc.

The machine rolled out fine with the entire Autopilot process. We then had the machine patched with the latest Windows updates. Afterward, for some reason, we had to wipe that machine with Intune and erase the hard drive by dumping Lenovo's Windows 11 base image again.

My question is:

Are there any other procedures that we need to take either on the Azure Active portal, Microsoft 365 portal, or Intune portal regarding that machine's presence that we need to look after prior to running the Autopilot process to re-enroll that machine?

My concern is that there may be some sort of duplicate or orphan identities still existing in our Azure portals. That will eventually create problems for that machine to operate properly with its OS and programs, etc. later on.

Hope I have provided all the info you need. Can you advise what steps we would also need to take either prior to or after wiping the machine using Intune?

Appreciated!

Woody


1 answer

  1. Limitless Technology 44,751 Reputation points
    2023-03-23T15:55:11.9233333+00:00

    Hello,

    To re-register hybrid Azure AD joined Windows 10/11 and Windows Server 2016/2019 devices, take the following steps:

    Open the command prompt as an administrator.

    Enter dsregcmd.exe /debug /leave.

    Sign out and sign in to trigger the scheduled task that registers the device again with Azure AD.

    For down-level Windows OS versions that are hybrid Azure AD joined, take the following steps:

    Open the command prompt as an administrator.

    Enter "%programFiles%\Microsoft Workplace Join\autoworkplace.exe /l".

    Enter "%programFiles%\Microsoft Workplace Join\autoworkplace.exe /j".

    For Azure AD joined Windows 10/11 devices, take the following steps:

    Open the command prompt as an administrator.

    Enter dsregcmd /forcerecovery (You need to be an administrator to perform this action).

    Click "Sign in" in the dialog that opens up and continue with the sign in process.

    Sign out and sign back in to the device to complete the recovery.

    For Azure AD registered Windows 10/11 devices, take the following steps:

    Go to Settings > Accounts > Access Work or School.

    Select the account and select Disconnect.

    Click on "+ Connect" and register the device again by going through the sign in process.

    And see if it helps,

    Thank you

    --If the reply is helpful, please Upvote and Accept as answer--

    1 person found this answer helpful.
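
To tell which of the cases in the answer above applies to a given device, the join state can be read from `dsregcmd /status`. The PowerShell below is an added example, not part of the original answer; the function names and the sample status text are constructed for illustration, and it assumes the `AzureAdJoined`, `DomainJoined` and `WorkplaceJoined` fields as `dsregcmd /status` prints them (down-level Windows versions are not covered).

```powershell
# Added example: map the join state reported by `dsregcmd /status`
# to the matching procedure from the answer above.

function Get-JoinState {
    param([Parameter(Mandatory)][string]$StatusText)
    $state = @{ AzureAdJoined = $false; DomainJoined = $false; WorkplaceJoined = $false }
    foreach ($line in $StatusText -split "`r?`n") {
        # Status lines look like "   AzureAdJoined : YES"
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(YES|NO)\s*$') {
            $state[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    return $state
}

function Get-RecoveryStep {
    param([Parameter(Mandatory)][hashtable]$State)
    if ($State.AzureAdJoined -and $State.DomainJoined) {
        return 'Hybrid Azure AD joined: dsregcmd.exe /debug /leave, then sign out and sign in'
    }
    if ($State.AzureAdJoined) {
        return 'Azure AD joined: dsregcmd /forcerecovery, sign in, then sign out and sign back in'
    }
    if ($State.WorkplaceJoined) {
        return 'Azure AD registered: Settings > Accounts > Access Work or School, Disconnect, then Connect'
    }
    return 'Not joined or registered: none of the recovery procedures applies'
}

# Constructed sample of the relevant part of `dsregcmd /status` output.
$sampleStatus = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
           WorkplaceJoined : NO
'@

# On a real device, replace $sampleStatus with: (dsregcmd.exe /status | Out-String)
$state = Get-JoinState -StatusText $sampleStatus
Get-RecoveryStep -State $state
```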
