Migration from On Prem AD to Azure AD post Fresh Start option in Intone

Shashi Dubey 376 Reputation points
2023-08-18T12:11:18.4933333+00:00

HI everyone,

Hope this finds everyone in their best health !!

I have a requirement where I have devices that are hybrid AD join and co managed now I want to bulk fresh -wipe the devices using Graph API in a way post that they would be disconnected from their on Prem AD and would only be joined to Azure AD.

So my query is if I use cleanWindowsWipe with "keepusersdata" parameter as "true" does my devices at the time of being at OOBE stage would be disconnected from om Prem AD and would only be joined to Azure AD or it would be decided by the deployment profile it has to go through the OOBE state ?

I need someone help as I must ensure it would perform the keepWindows Wipe by getting disconnected from on Prem AD but would be joined to Azure AD?

Regards,

Shashi Dubey

Microsoft Security | Windows Autopilot
Microsoft Security | Intune | Other
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Crystal-MSFT 53,991 Reputation points Microsoft External Staff
    2023-08-21T01:49:57.7766667+00:00

    @Shashi Dubey, Thanks for posting in Q&A. Using the cleanWindowsWipe Graph API with the keepUserData parameter set to true will remove all apps and settings from the device, but it will not disconnect the device from on-premises AD. The device will still be hybrid AD joined after the wipe.

    https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe#wipe

    If you want do Azure AD join, you can unjoin the device from the on-premises domain, clear the records in both Azure AD and Intune, then enroll using Autopilot Azure AD join enrollment method or configure windows Automatic enrollment and do Azure AD join via Accounts->Access work or school to re-enroll the device.

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-windows

    https://support.microsoft.com/en-us/account-billing/join-your-work-device-to-your-work-or-school-network-ef4d6adb-5095-4e51-829e-5457430f3973#:~:text=To%20join%20an%20already%20configured%20Windows%2010%20device,password%2C%20and%20then%20select%20Sign%20in.%20More%20items

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.