Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Thank you for posting your query on Microsoft Q&A. From the above description I could understand that you are trying get your on-prem AD joined windows 10/11 devices to become hybrid joined, but the devices don't show up.
In order to investigate this I would recommend to use Device Registration Troubleshooter Tool on one of the impacted devices.
The tool does following checks:
-
- Troubleshoot Hybrid Azure AD Join
-
- Verify Service Connection Point (SCP)
-
- Verify Primary Refresh Token (PRT)
- Collect the logs
If DSRegTool is running with elevated privileges, start log collection. Otherwise, tool shows action plan to collect the logs using Feedback hub.
The screenshot you have shared is while device going through ESP (Enrollment Status Page). This is one of the known issue with Hybrid Autopilot enrollment via Intune.
Hybrid Azure AD Autopilot deployment with ESP takes longer than the timeout duration entered in the ESP profile. On Hybrid Azure AD Autopilot deployments, the ESP takes 40 minutes longer than the value set in the ESP profile. For example, you set the timeout duration to 30 minutes in the profile. The ESP can take 30 minutes + 40 minutes. This delay gives the on-premises AD connector time to create the new device record to Azure AD.
To troubleshoot what's going behind the when a failure occurs you must follow: Troubleshooting the Enrollment Status Page.
Thanks,
Akshay Kaushik
Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.