Pre-provision Microsoft Entra hybrid join: Install the Intune Connector

• Applies to:

  ✅ Windows 11, ✅ Windows 10, ✅ Windows Server 2022, ✅ Windows Server 2019, ✅ Windows Server 2016

Windows Autopilot for pre-provisioned deployment Microsoft Entra hybrid join steps:

• Step 1: Set up Windows automatic Intune enrollment

• Step 2: Install the Intune Connector

• Step 3: Increase the computer account limit in the Organizational Unit (OU)
• Step 4: Register devices as Autopilot devices
• Step 5: Create a device group
• Step 6: Configure and assign Autopilot Enrollment Status Page (ESP)
• Step 7: Create and assign Microsoft Entra hybrid join Autopilot profile
• Step 8: Configure and assign domain join profile
• Step 9: Assign Autopilot device to a user (optional)
• Step 10: Technician flow
• Step 11: User flow

For an overview of the Windows Autopilot for pre-provisioned deployment Microsoft Entra hybrid join workflow, see Windows Autopilot for pre-provisioned deployment Microsoft Entra hybrid join overview

Note

If you have already set up the Intune Connector as part of the Windows Autopilot user-driven Microsoft Entra hybrid join scenario, you can skip this step and move on to [Step 3: Increase the computer account limit in the Organizational Unit (OU)].

Install the Intune Connector

1. Sign into the server where the Intune Connector is being installed with an account that has local administrator rights.

2. Turn off Internet Explorer Enhanced Security Configuration on the server. By default Windows Server has Internet Explorer Enhanced Security Configuration turned on. To turn off Internet Explorer Enhanced Security Configuration:

   1. On the server where the Intune Connector is being installed, open Server Manager.

   2. In the left pane of Server Manager, select Local Server.

   3. In the right PROPERTIES pane of Server Manager, select the On or Off link next to IE Enhanced Security Configuration.

   4. In the Internet Explorer Enhanced Security Configuration window, select Off under Administrators:, and then select OK.

3. Sign in to the Microsoft Intune admin center on the server where the Intune Connector is being installed.

4. In the Home screen, select Devices in the left pane.

5. In the Devices | Overview screen, under By platform, select Windows.

6. In the Windows | Windows devices screen, select Windows enrollment.

7. Under Windows Autopilot Deployment Program, select Intune Connector for Active Directory.

8. In the Intune Connector for Active Directory page, select Add.

9. In the Add connector window that opens, select Download the on-premises Intune Connector for Active Directory under step 2 of Configuring the Intune connector for Active Directory. This download should download a file called ODJConnectorBootstrapper.exe.

10. Open the ODJConnectorBootstrapper.exe file that downloaded to launch the Intune Connector install.

11. In the Intune Connector for Active Directory Setup installer window, select I agree to the license terms and conditions, and then select Install.

    Note

    If an install location other than the default of C:\Program Files\Microsoft Intune\ODJConnector is desired, select Options and specify the desired install location.

12. When the install completes, select Configure Now in the Intune Connector for Active Directory Setup installer window.

    Note

    If Close is accidentally selected or the Intune Connector for Active Directory Setup installer window is accidentally closed, the Intune Connector for Active Directory configuration can be accessed by selecting Intune connector for Active Directory > Intune connector for Active Directory from the Start menu.

13. In the Intune connector for Active Directory window:

    1. Under the Enrollment tab, select Sign In.

    2. Under the Sign In tab, sign in with the Global administrator or with the credentials of an Intune administrator role. The user account must have an assigned Intune license. The sign in process may take a few minutes to complete.

    3. Once the sign in process is complete, a The Intune connector for Active Directory successfully enrolled confirmation window appears. Select OK to close the window. The Enrollment tab shows Intune connector for Active Directory is enrolled and the Sign In button is greyed out.

    4. Close the Intune connector for Active Directory window.

14. In the Microsoft Intune admin center, close the Add connector window if it's still displayed.

15. In the Intune Connector for Active Directory page, confirm that the server is displayed under Connector name and shows as Active under Status. If the server isn't displayed, select Refresh or navigate away from the page, and then navigate back to the Intune Connector for Active Directory page.

Note

• The Global administrator role is a temporary requirement at the time of installation.
• After you sign in to the Intune connector, it can take several minutes to appear in the Intune Connector for Active Directory page of the Microsoft Intune admin center. It appears only if it can successfully communicate with the Intune service.

After the Intune Connector is installed, it will start logging in the Event Viewer under the path Applications and Services Logs > Microsoft > Intune > ODJConnectorService. Under this path, the Admin and Operational logs are found.

Next step: Increase the computer account limit in the Organizational Unit (OU)

Step 3: Increase the computer account limit in the Organizational Unit (OU)

More information

For more information on the Intune connector, see the following article(s):

• Install the Intune Connector