MDM to Entra ID move

Question

I cannot move from MDM to Entra ID using Accounts-> Work or School -> Connect

Answer 1

Hello saravana maruthamuthu,

The quickest way to “graduate” a Windows 10/11 PC that’s only MDM-enrolled to a full Microsoft Entra ID (Azure AD) join is simply:

1. Settings > Accounts > Access work or school > pick the existing MDM account > Disconnect so the old registration is removed learn.microsoft.com;
2. open an elevated Command Prompt and run dsregcmd /debug /leave, then reboot to clear any hidden Workplace-Join records learn.microsoft.com;
3. in the Entra ID portal delete the stale device object if it’s still listed learn.microsoft.com;
4. after the restart go back to Settings > Accounts > Access work or school > Connect > “Join this device to Azure Active Directory,” sign in with an Entra-licensed account, confirm the organisation info, and let Windows reboot once more learn.microsoft.com.

When the desktop comes back, you’ll see “AzureAD\username” at the sign-in screen and the device will auto-enrol back into Intune if automatic MDM enrolment is enabled—no wipe or reimage required.

Best Regards,

Jerald Felix

Answer 2

Hello saravana maruthamuthu,

To prevent the user’s device from being automatically enrolled with Intune and to allow it to join only Microsoft Entra ID without any MDM profile, you need to do two things:

• Unassign the Intune license for the user.
• Remove the user from the MDM user scope.

Once this is done, when the user enrolls their device via Accounts > Work or School > Connect, it will join Entra ID but won’t be managed by Intune.

Please refer to the screenshot below for guidance: Azure Portal > Microsoft Entra ID > Mobility (MDM and WIP) > Microsoft Intune