A device can't be joined to both on-prem AD and Azure AD. It would need to be unjoined from the on-prem domain first, then joined to Azure AD (make sure there is a local user admin account and be careful of data loss for profiles etc.).
"Enroll only in device management" will enrol the device in Intune (and register it in Azure AD but not join Azure AD).
Joining existing device to Azure AD
Which ways would be possible to get an existing device with Windows 10 1809 LTSC (member of an Active Directory) managed via Intune - and how can the user then log in with their Azure AD credentials?
I already figured out that executing a provisioning package isn't a solution: I always get the error "0x8007000D". Found out it has something to do with the LTSC version, which isn't able to execute those provisioning packages.
In my opinion the only way is to "Enroll only in device management" (screenshot). But in order to do that I have to type in the Administrator account of the AD domain. The AD domain will be turned off in the future, so we don't want to do hybrid join, and no enrollment via GPO.
The next question I have is: when enrolling that device with "Enroll only in device management", my device has a connection to AD and MDM. Is that a problem? Should I delete the connection to the on-premise world first?
Last question: what do I need to do in order to enable a user then to log in with their Azure credentials?
Pa_D 1,071 Reputation points
2021-02-11T23:54:34.19+00:00
1) Use script to collect hardware hash.
2) Add them into Autopilot.
3) Do a reset of the device, and go through Autopilot OOBE scenario.
Since you are moving away from AD, use Autopilot with Azure AD Join.
-
Crystal-MSFT 50,591 Reputation points Microsoft Vendor
2021-02-12T02:16:06.75+00:00
@Halogeen, from your description, it seems you want to migrate from on-premise AD to Azure AD. If there's any misunderstanding, feel free to let us know.
Based on my research, I found an article for reference:
https://o365hq.com/services/on-premises-active-directory-to-azure-active-directory-transition
Note: Non-Microsoft link, just for the reference.
If you want to know more about the migration, please contact Azure AD support with tag "azure-active-directory":
https://learn.microsoft.com/en-us/answers/topics/azure-active-directory.html
For Intune enrollment, there are many methods, we can choose one in our environment:
https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment#windows-enrollment-methods
https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
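Added example, not part of any answer in this thread: a way to confirm which of the join states discussed above a device is actually in, before unjoining or resetting it, by parsing the output of the built-in `dsregcmd /status` command. The function name `Get-JoinState`, the state labels and the sample output (including the `CONTOSO` domain name) are constructed for illustration.

```powershell
# Added example (not from the thread). Classifies a device's join state from
# the "Name : Value" lines printed by the built-in `dsregcmd /status`.
function Get-JoinState {
    # AllowEmptyString: real dsregcmd output contains blank lines.
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$StatusLines)

    # Collect "Name : Value" pairs; banner and separator lines do not match.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined']   -eq 'YES'
    $domain = $fields['DomainJoined']    -eq 'YES'
    $wpj    = $fields['WorkplaceJoined'] -eq 'YES'   # Azure AD registered

    if     ($aad -and $domain) { $state = 'Hybrid Azure AD joined' }
    elseif ($aad)              { $state = 'Azure AD joined' }
    elseif ($domain -and $wpj) { $state = 'AD domain joined + Azure AD registered' }
    elseif ($domain)           { $state = 'AD domain joined only' }
    elseif ($wpj)              { $state = 'Azure AD registered only' }
    else                       { $state = 'Not joined or registered' }

    [pscustomobject]@{
        State      = $state
        DomainName = $fields['DomainName']
        TenantName = $fields['TenantName']
    }
}

# Constructed sample: a domain member that is also registered in Azure AD.
$sample = @'
| Device State                                                         |
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO

| User State                                                           |
           WorkplaceJoined : YES
'@ -split "`r?`n"

Get-JoinState -StatusLines $sample
# On a real device: Get-JoinState -StatusLines (dsregcmd /status)
```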