hybrid azure ad join - cannot join intune

Elroy1986 1 Reputation point

Currently, my company uses Azure Virtual Desktop and the machines are Azure AD joined. We have no local servers, so we never had the need for local AD or file servers. We are in the process of trialling a ZTNA solution that allows local access to Azure resources, i.e. network drives. Using the solution, we have managed to get devices hybrid joined. The process involved disconnecting the device from Azure AD and then joining local AD (DCs in Azure). This seems to work: dsregcmd doesn't return any errors and the devices show up in Active Directory and Azure AD. The problem is that the old device still appears in Intune and has a different device ID. I've had to delete the device, but the new device doesn't get joined back to Intune. Any ideas?
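As an added example (not part of the original thread), here is a PowerShell check an admin can run before and after the re-join to confirm what `dsregcmd /status` actually reports and to spot the stale-record situation described above. It parses the `Key : Value` lines dsregcmd prints (field names such as `AzureAdJoined`, `DomainJoined`, `DeviceId` and `MdmUrl` are the ones dsregcmd uses), then compares the device's current `DeviceId` against a list of Azure AD device IDs the admin has exported from the Intune device list. The sample output embedded below is constructed so the script runs offline; the GUIDs are placeholders.

```powershell
# Added example, not from the original thread. Parses dsregcmd /status output and
# flags join/enrollment states worth verifying during a hybrid-join transition.

function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # dsregcmd prints "  Key : Value" pairs; box-drawing section headers and
        # blank lines contain no "Key :" pattern and are skipped.
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-HybridJoinState {
    param(
        [Parameter(Mandatory)][hashtable]$State,
        # Azure AD device IDs as shown in the Intune device list (admin-exported;
        # hypothetical input for this example).
        [string[]]$KnownAzureAdDeviceIds = @()
    )
    $findings = @()
    if ($State['AzureAdJoined'] -ne 'YES') { $findings += 'Device is not Azure AD joined' }
    if ($State['DomainJoined']  -ne 'YES') { $findings += 'Device is not domain joined, so not hybrid joined' }
    if ([string]::IsNullOrEmpty($State['DeviceId'])) {
        $findings += 'No DeviceId recorded in the registration state'
    }
    elseif ($KnownAzureAdDeviceIds.Count -gt 0 -and $KnownAzureAdDeviceIds -notcontains $State['DeviceId']) {
        # This is the symptom in the question: the Intune record points at an old
        # device ID while the machine now registers under a new one.
        $findings += "DeviceId $($State['DeviceId']) is not in the Intune export; the Intune record is stale or enrollment has not completed"
    }
    if ([string]::IsNullOrEmpty($State['MdmUrl'])) {
        $findings += 'MdmUrl is empty: the device is not MDM (Intune) enrolled'
    }
    return $findings
}

# Constructed sample in the shape dsregcmd /status prints; values are placeholders.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : YES
                DomainName : CORP
+----------------------------------------------------------------------+
| Device Details                                                       |
+----------------------------------------------------------------------+
                  DeviceId : 00000000-0000-0000-0000-000000000002
                  TenantId : 00000000-0000-0000-0000-0000000000aa
                    MdmUrl :
'@ -split "`r?`n"

# Old device ID the admin still sees in Intune (constructed).
$intuneExport = @('00000000-0000-0000-0000-000000000001')

$state = ConvertFrom-DsregStatus -Lines $sample
Test-HybridJoinState -State $state -KnownAzureAdDeviceIds $intuneExport

# On a live machine, replace the sample with the real command output:
#   $state = ConvertFrom-DsregStatus -Lines (dsregcmd /status)
```

With the constructed sample the function reports two findings: the new `DeviceId` is absent from the Intune export (the stale-record case) and `MdmUrl` is empty (no Intune enrollment). Running it on the device before removing it from Intune, and again after the hybrid join, gives a concrete record of which state changed and whether enrollment ever completed.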


3 answers

  1. VipulSparsh-MSFT 15,981 Reputation points

    @Elroy1986 If any of the solutions you are implementing needs the device to be removed from Intune and then perform something on the device, it is advised to remove the device from Intune first and then perform the other steps.

    Otherwise it creates a stale entry, and any attempt to perform another enrollment for the same device will create new entries, and there is no way for the device to know that it has to join with some other entry.

  2. Jason Sandys 30,906 Reputation points Microsoft Employee

    we have managed to get devices hybrid joined

    Why are you doing this? If you have nothing on-prem, hybrid joining them makes no sense (even if you did have anything on-prem, this probably doesn't make sense either).

  3. Lacy 1 Reputation point

    If you have Azure AD DS set up and configured, then it is possible to join to an AD in the cloud and not on premises. What I believe the issue is, is that you don't have the Intune Connector set up, which helps manage duplicate device objects. Yes, when you delete that first object, it is the object that the authentication is happening against, so yes, that does block auth. Set up and configure the Intune Connector. windows-autopilot-hybrid