Hybrid Join Devices Off Network

Swati Arora 146 Reputation points
2021-10-01T07:33:28.927+00:00

Hi All,

Just to clarify below for Hybrid Join devices:

  1. When Hybrid jon devices are not on org's network, does that affect enrolment of these devices once enrolled with org network ?
  2. When we re-start those device without org network, is there any unexpected behaviour which can be considered before we start enrolling those devices ?

Thanks

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,796 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,502 questions
{count} votes

Accepted answer
  1. VipulSparsh-MSFT 16,251 Reputation points Microsoft Employee
    2021-10-01T11:47:33.46+00:00

    @Swati Arora Thanks for reaching out.

    Considering you mean Intune Enrollment, here are the points :

    1) For enrolling the device in hybrid mode, the device has to be on corporate network or it will not complete the Enrollment unless you are using Autopilot with Skip check to your local Domain. If you do select an Autopilot profile with Skip AD connectivity Check it will allow you to use a VPN profile deployed to the device for auto connecting to your Corp network, so that the further process can take place.

    2) If you restart those machines or if they get restarted as part of Autopilot process, they will need to use the corp network in order to complete the setup. Till then you will not be able to login on machine.

    If you are not talking about Autopilot but a normal state where the machines are already in Hybrid Join state.

    Then you need the device to be in corp network till it gets the GPO for Intune enrollment. Once GPO gets applied, it can do the enrollment over Internet as well.
    This is considering the domain account was used to login which has Intune license as well.

    You can also check this article for further reading : https://learn.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments

0 additional answers

Sort by: Most helpful