Domain Joined device to Intune transition

Saad Farooq 26 Reputation points
2022-06-25T09:57:31.95+00:00

Hi,
We have a requirement where the client has on-prem AD and the Win 10 devices are domain joined. Now they plan to enroll those domain-joined devices in Intune without a reset or a new Windows installation. Do we need to go for Hybrid AD using AD Connect, or are there any other options? Simply put, they need to disjoin the existing devices from on-prem AD and enroll those devices in Intune without any downtime or reset.


4 answers

  1. Nick Hogarth 3,411 Reputation points Microsoft MVP
    2022-06-26T22:35:56.107+00:00

    You can enable Hybrid Azure AD Join and then create a GPO to enroll them into Intune. You don't need to disjoin them from the existing AD. See https://learn.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy for more info.
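
A readiness check for the path described above (hybrid Azure AD join, then GPO-driven Intune enrollment), as an added example that is not part of the original answer: it parses `dsregcmd /status` and reads the MDM auto-enrollment policy key. The function names `Get-DsregState` and `Test-IntuneReadiness` are hypothetical helpers, and the sample output (including `CONTOSO`) is constructed.

```powershell
# Added example, not from the thread. $sample is constructed dsregcmd /status
# output (CONTOSO is a placeholder) for a hybrid-joined PC with an empty MdmUrl.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : YES
                DomainName : CONTOSO
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
                    MdmUrl :
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : YES
'@ -split '\r?\n'

function Get-DsregState {              # hypothetical helper: "Key : Value" lines -> hashtable
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*)$') { $state[$Matches[1]] = $Matches[2].Trim() }
    }
    $state
}

function Test-IntuneReadiness {        # hypothetical helper: one boolean per prerequisite
    param([hashtable]$State, $Policy)
    [ordered]@{
        DomainJoined  = ($State['DomainJoined'] -eq 'YES')
        HybridJoined  = (($State['DomainJoined'] -eq 'YES') -and ($State['AzureAdJoined'] -eq 'YES'))
        UserHasPrt    = ($State['AzureAdPrt'] -eq 'YES')        # only reported in the signed-in user's session
        MdmUrlPresent = (-not [string]::IsNullOrWhiteSpace($State['MdmUrl']))  # blank = no MDM URL for this user
        GpoAutoEnroll = ($Policy.AutoEnrollMDM -eq 1)           # value written by the auto-enrollment GPO
    }
}

$live = $false   # set to $true on the Windows device itself, in the user's session
if ($live) {
    $lines  = dsregcmd.exe /status
    $policy = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM' -ErrorAction SilentlyContinue
} else {
    $lines  = $sample
    $policy = [pscustomobject]@{ AutoEnrollMDM = 1 }            # constructed: GPO already applied
}
Test-IntuneReadiness -State (Get-DsregState $lines) -Policy $policy
```

With the constructed sample every check is true except `MdmUrlPresent`, a case where the device is hybrid joined and has the GPO but no MDM URL is reported for the user.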


  2. Crystal-MSFT 19,811 Reputation points Microsoft Employee
    2022-06-28T02:50:06.007+00:00

    @Saad Farooq, if you have an on-premises Active Directory environment and want to join your AD DS domain-joined computers to Azure AD, we still suggest doing hybrid Azure AD join.

    But if we don't want to use the on-premises domain in the future, we can consider just using Azure AD join: unjoin the device from the on-premises domain, enable auto-enrollment, then do Azure AD join under Access work or school to trigger Intune enrollment.
    https://support.microsoft.com/en-us/account-billing/join-your-work-device-to-your-work-or-school-network-ef4d6adb-5095-4e51-829e-5457430f3973#:~:text=Open%20Settings%2C%20and%20then%20select%20Accounts.%20Select%20Access,select%20Join%20this%20device%20to%20Azure%20Active%20Directory.
    https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enroll

    But as a reminder, when we disjoin the device from the previous domain, the previous user profile will be removed. We will need to log in using the Azure AD account with a new profile.

    For the Intune enrollment method, you can also choose another one. Here is a link with the enrollment methods for reference:
    https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment#windows-enrollment-methods

    Hope it can help.




  3. Limitless Technology 37,341 Reputation points
    2022-06-28T08:29:05.357+00:00

    Hi SaadFarooq-0840,

    Here is a nice tutorial to achieve that step by step:

    https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains

    I have used Autopilot to move computers over in the past. But in general, I join them to Azure AD and manage them using Endpoint Manager whenever we replace the hardware. This will take a good amount of time if you don’t plan to replace computers within the next year or so. So sometimes we simply re-install computers.


  4. Saad Farooq 26 Reputation points
    2022-07-02T05:50:19.13+00:00

    Hi All,

    Thanks for sharing your valuable suggestions. I will let you know if further support is required.