question

hitendersingh-1558 avatar image
0 Votes"
hitendersingh-1558 asked LuDaiMSFT-0289 commented

Intune related query - convert ad joined machines to AAD and auto enroll


Hello,

Hoping someone could answer.

This may look like a very vague query. requirement as below from the school:-

"Educational institute"
"Tenant with MS A1 license"
"Upgrade to MS A3"
"500 devices"
"Want to cutover AD to AAD" (make in cloud identities I have assumed)
I am assuming their devices are AD joined (remote users - students)
"Using 2 profiles - one for staff and another for teachers, controlling which network they connect to.
"Push/install software remotely"


I understand that there is no direct path to make a AD joined machine completely AAD joined and Intune managed. Has someone been able to do it?
I think auto pilot would be a way to go but that would require us to reset the devices.
Or we could just use the option to enroll this device to Intune but that would lead us to have hybrid joined.

Also, how long this might take?


Thank you

intune-generalintune-enrollmentintune-application-management
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered LuDaiMSFT-0289 commented

@hitendersingh-1558 Thanks for posting in our Q&A.

To clarify this issue, we appreciate your help to clear something:
1.From your description, I know that the devices are in on-premises AD. So, what joined type did you want? Hybrid Azure AD joined(The devices are joined to on-premises AD and Azure AD)? Or Azure AD joined(The devices are just joined to Azure AD)?

2.If you want Hybrid Azure AD joined, autopilot enrollment and GOP enrollment could be used. However, autopilot needs to reset the devices. For GPO enrollment, we can read the following article as a reference:
https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

3.If you want just Azure AD joined, it is needed to remove the devices from the on-premises AD. Then enroll the devices to intune.

Not sure how long it will take, these work involve many factors such as the network, the device itself and so on.

If there is anyting update, feel free to let us know.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@hitendersingh-1558 I am currently standing by for further update from you and would like to know how things are going. If you have any questions or concerns on the recent information I've provided you, please don't hesitate to let me know.

0 Votes 0 ·