Azure AD Hybrid Join with Auto-Pilot Questions

Kak Tak 11 Reputation points
2022-01-18T10:45:45.667+00:00

Hi All,

I really need some help in understanding the right process of configuring this. I found many articles on Google which show different methods, and no matter what I do I get Azure AD join instead of hybrid AD join.

Configuration is like this:

1) I installed and configured AD Connector on my DC
2) Both config profile and Domain profile are created
3) Hash is imported and everything is working when I start a new machine.

Auto-pilot kicks in and configures everything without error, but the device is AD joined and not hybrid.

My questions are:

1) Do I need to edit AD Connect server device options and choose Hybrid AD Join and choose our AutoPilot OU? This step is not in Microsoft Learn when configuring Hybrid AD join with autopilot. If I am not wrong, we need to do this if we want to join devices already in our AD, right? Not the new ones.

2) Once autopilot is completed and the user logs in, sometimes we receive an error/warning about a problem with credentials and that we need to log in with a school or work account.

3) Do we need to configure Auto-Enrollment with GPO when using auto-pilot and hybrid-join, or is that GPO only for existing devices?

I would appreciate it if someone could answer the questions without sending links to different websites.


2 answers

  1. Nick Hogarth 3,436 Reputation points
    2022-01-18T22:19:00.33+00:00
    1. Are you referring to Azure AD Connect? Then yes, Hybrid Azure AD needs to be enabled. Autopilot and the Intune Connector for AD will enable the device to join the on-prem domain; the Hybrid Azure AD Join process happens later in Autopilot or once in Windows.
    2. That is most likely because you haven't enabled Hybrid Azure AD in Azure AD Connect options.
    3. No, that GPO isn't required. That is for existing devices.

    I would strongly recommend reading through this link, which will explain in more detail, especially how you end up with two devices, one Azure AD device and one Hybrid Azure AD device, which is how it's designed. https://oofhours.com/2019/07/15/inside-windows-autopilot-user-driven-hybrid-azure-ad-join/

    2 people found this answer helpful.
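
To confirm which join state a device actually ended up in after Autopilot, the following added example (not part of the thread and not Microsoft's code) parses the `AzureAdJoined` and `DomainJoined` fields of `dsregcmd /status`. The function name `Get-JoinState` and the sample text are constructed for illustration.

```powershell
function Get-JoinState {
    param(
        # Lines of `dsregcmd /status` output; by default the tool is run locally.
        [string[]]$StatusText = (dsregcmd.exe /status)
    )

    # Collect the "Key : Value" pairs; section banners do not match and are skipped.
    $state = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $state['AzureAdJoined'] -eq 'YES'
    $domain = $state['DomainJoined']  -eq 'YES'

    if ($aad -and $domain) {
        $join = 'Hybrid Azure AD joined'
    } elseif ($aad) {
        $join = 'Azure AD joined (cloud only)'
    } elseif ($domain) {
        $join = 'On-premises domain joined only (hybrid join not completed)'
    } else {
        $join = 'Not joined'
    }

    [pscustomobject]@{
        JoinState  = $join
        DomainName = $state['DomainName']
        TenantName = $state['TenantName']
        # AzureAdPrt is reported only when run in a signed-in user's session.
        AzureAdPrt = $state['AzureAdPrt']
    }
}

# Constructed sample (not captured from a real device): the outcome the question describes.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
'@ -split "`r?`n"

Get-JoinState -StatusText $sample
```

Calling `Get-JoinState` with no argument on the deployed machine classifies the live device instead of the sample.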

  2. Lu Dai-MSFT 28,356 Reputation points
    2022-01-25T08:09:57.81+00:00

    @Kak Tak I will add some information about the autopilot process. Yes, it is needed to start the autopilot process from the beginning or start the autopilot process from restarting the device. For existing devices, GPO enrollment is a good choice.

    During the autopilot process, security policies, applications, connectivity profiles and certificate profiles will be deployed. We can read the following article to get more details:
    https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-status#enrollment-status-page-tracking-information
    You can deploy other configuration profiles (which configure Outlook/OneDrive etc.) to user groups, and these profiles will be deployed after autopilot.

    Could you please clarify what settings you want to configure in the configuration profile (which configures Outlook/OneDrive etc.)? What is your goal?

    Hope it will help.

