Joining existing device to azure ad

Halogeen 236 Reputation points
2021-02-11T16:39:10.627+00:00

Which ways would be possible to get an existing device with Windows 10 1809 LTSC (member of an Active Directory) managed via Intune, and how can the user then log in with their Azure AD credentials?

I already figured out that executing a provisioning package isn't a solution: I always get the error "0x8007000D". I found out it has something to do with the LTSC version, which isn't able to execute those provisioning packages.

In my opinion the only way is to "Enroll only in device management" (screenshot). But in order to do that I have to type in the administrator account of the AD domain. The AD domain will be turned off in the future, so we don't want to do hybrid join, and no enrollment via GPO.

The next question I have is: when enrolling that device with "Enroll only in device management", my device has a connection to AD and MDM. Is that a problem? Should I delete the connection to the on-premises world first?

Last question: What do I need to do in order to enable a user to then log in with their Azure credentials?



3 answers

  1. Nick Hogarth 3,436 Reputation points
    2021-02-11T22:19:21.57+00:00

    A device can't be joined to both on-prem AD and Azure AD. It would need to be unjoined from the on-prem domain first, then joined to Azure AD (make sure there is a local admin user account, and be careful of data loss for profiles etc.). "Enroll only in device management" will enrol the device in Intune (and register it in Azure AD, but not join it to Azure AD).
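    The answer above names three prerequisites before the unjoin: the device really is domain joined (and not already Azure AD joined), an enabled local administrator exists, and you know which domain user profiles will be orphaned. The script below is an added example, not something posted in this thread or shipped by Microsoft; it reads `dsregcmd /status`, the local Administrators group and `Win32_UserProfile` to produce a readiness report. The function names (`Get-DeviceJoinState`, `Test-UnjoinReadiness`) are this example's own, and it assumes it is run in an elevated PowerShell on the device.

    ```powershell
    # Added example (not from the thread): pre-unjoin readiness check for a
    # device moving from on-prem AD to Azure AD join. Run elevated on the device.
    # Function names are this example's own.

    function Get-DeviceJoinState {
        # dsregcmd /status prints "Key : Value" lines; pull the ones that matter.
        $text = dsregcmd /status | Out-String
        $get = {
            param($name)
            $m = [regex]::Match($text, "$name\s*:\s*(\w+)")
            if ($m.Success) { $m.Groups[1].Value } else { 'UNKNOWN' }
        }
        [pscustomobject]@{
            AzureAdJoined   = & $get 'AzureAdJoined'
            DomainJoined    = & $get 'DomainJoined'
            WorkplaceJoined = & $get 'WorkplaceJoined'
        }
    }

    function Test-UnjoinReadiness {
        $state  = Get-DeviceJoinState
        $issues = @()

        if ($state.DomainJoined -ne 'YES') {
            $issues += 'Device is not domain joined; nothing to unjoin.'
        }
        if ($state.AzureAdJoined -eq 'YES') {
            $issues += 'Device already reports AzureAdJoined=YES; clean up the existing join state first.'
        }

        # Enabled local (non-domain) user accounts in Administrators, so someone
        # can still sign in once the domain trust is gone.
        $localAdmins = Get-LocalGroupMember -Group 'Administrators' |
            Where-Object { $_.PrincipalSource -eq 'Local' -and $_.ObjectClass -eq 'User' } |
            ForEach-Object { Get-LocalUser -Name (($_.Name -split '\\')[-1]) } |
            Where-Object { $_.Enabled }
        if (-not $localAdmins) {
            $issues += 'No enabled local administrator account; create one before unjoining.'
        }

        # Non-local profiles on disk: these are the ones the data-loss warning is about.
        $domainProfiles = Get-CimInstance -ClassName Win32_UserProfile |
            Where-Object { -not $_.Special } |
            ForEach-Object {
                $sid = $_.SID
                try {
                    (New-Object System.Security.Principal.SecurityIdentifier $sid).
                        Translate([System.Security.Principal.NTAccount]).Value
                } catch { "unresolved SID $sid" }
            } |
            Where-Object { $_ -notlike "$env:COMPUTERNAME\*" }

        [pscustomobject]@{
            JoinState      = $state
            LocalAdmins    = @($localAdmins.Name)
            DomainProfiles = @($domainProfiles)
            Ready          = ($issues.Count -eq 0)
            Issues         = $issues
        }
    }

    $report = Test-UnjoinReadiness
    $report | Format-List

    if ($report.Ready) {
        # Only after the listed profiles are backed up: drop to a workgroup and
        # reboot, then join Azure AD from Settings > Accounts > Access work or school.
        # Remove-Computer -UnjoinDomainCredential (Get-Credential) -WorkgroupName 'WORKGROUP' -Force -Restart
    }
    ```

    The unjoin line is left commented out on purpose: the report is the decision input, and the profiles it lists need to be copied or migrated before the domain trust is removed, because their SIDs will no longer resolve afterwards.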


  2. Pa_D 1,071 Reputation points
    2021-02-11T23:54:34.19+00:00

    1) Use script to collect hardware hash.
    2) Add them into Autopilot.
    3) Do a reset of the device, and go through Autopilot OOBE scenario.

    Since you are moving away from AD, use Autopilot with Azure AD Join.
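    Step 1 of the answer above is usually done with the published Get-WindowsAutoPilotInfo script from the PowerShell Gallery. As an added example (not code posted in this thread or Microsoft's script), the block below does the same collection directly from the MDM bridge WMI class that script reads, and writes the serial-number/product-ID/hardware-hash CSV that the Autopilot import in Intune expects. The function names (`Get-AutopilotHashRecord`, `Export-AutopilotCsv`) and the output path are this example's own; it assumes an elevated PowerShell on the device being migrated.

    ```powershell
    # Added example (not from the thread): collect the Autopilot hardware hash
    # locally and write/append the Autopilot import CSV. Run elevated on the
    # device. Function names and the output path are this example's own.

    function Get-AutopilotHashRecord {
        # The hash is exposed by the MDM bridge WMI provider; this is the same
        # source the published Get-WindowsAutoPilotInfo script reads.
        $devDetail = Get-CimInstance -Namespace root/cimv2/mdm/dmmap `
            -ClassName MDM_DevDetail_Ext01 `
            -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"

        if (-not $devDetail -or [string]::IsNullOrWhiteSpace($devDetail.DeviceHardwareData)) {
            throw 'DeviceHardwareData is empty: run as administrator on the physical device.'
        }

        [pscustomobject]@{
            'Device Serial Number' = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber.Trim()
            'Windows Product ID'   = ''    # optional column; the import accepts it blank
            'Hardware Hash'        = $devDetail.DeviceHardwareData
        }
    }

    function Export-AutopilotCsv {
        param(
            [Parameter(Mandatory)][string]$Path,
            [switch]$Append
        )
        $record = Get-AutopilotHashRecord

        # Autopilot import wants plain comma-separated values without quotes.
        $lines = $record | ConvertTo-Csv -NoTypeInformation |
            ForEach-Object { $_ -replace '"', '' }

        New-Item -ItemType Directory -Force -Path (Split-Path -Parent $Path) | Out-Null

        if ($Append -and (Test-Path $Path)) {
            # Skip the header row when adding another device to an existing file.
            $lines | Select-Object -Skip 1 | Add-Content -Path $Path -Encoding ASCII
        } else {
            $lines | Set-Content -Path $Path -Encoding ASCII
        }
        $record
    }

    # Usage: append this device to a shared CSV so several devices can be
    # uploaded in one Intune > Devices > Windows enrollment > Devices import.
    $rec = Export-AutopilotCsv -Path 'C:\HWID\AutopilotHWID.csv' -Append
    "Collected hash for serial '{0}' ({1} characters)" -f $rec.'Device Serial Number', $rec.'Hardware Hash'.Length
    ```

    Once the CSV is imported and the device is assigned an Azure AD join Autopilot profile, step 3 (reset and run through OOBE) picks that profile up and the user signs in with their Azure AD account, which also answers the original poster's last question.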


  3. Crystal-MSFT 50,591 Reputation points Microsoft Vendor
    2021-02-12T02:16:06.75+00:00

    @Halogeen , From your description, it seems you want to migrate from on-premises AD to Azure AD. If there's any misunderstanding, feel free to let us know.

    Based on my research, I found an article for reference:
    https://o365hq.com/services/on-premises-active-directory-to-azure-active-directory-transition
    Note: Non-Microsoft link, just for reference.

    If you want to know more about the migration, please contact Azure AD support with tag "azure-active-directory":
    https://learn.microsoft.com/en-us/answers/topics/azure-active-directory.html

    For Intune enrollment, there are many methods; we can choose one for our environment:
    https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment#windows-enrollment-methods
    https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods

    Hope it can help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

