question

DEFredEricS avatar image
0 Votes"
DEFredEricS asked Crystal-MSFT commented

Intune - Windows 10 EAS Device - Howto Azure AD Join

Hi Everyone,

I currently have a case which I can't try in my environment as I don't have an Exchange Server running on-prem. The case is as follows - an on-prem Exchange is running and an Intune Active Sync Connector was previously configured (I know it is depricated since 07/2020) and has been successfully syncing devices to Azure/Intune. These devices are of course, Azure AD Registered. Intune wasn't used for device management and is now being configured. We wanted to properly onboard an existing device without too much impact to the user, so we removed the EAS/MDM device object in Intune and the Azure AD Registered device object. Then, we had the user join his device via Settings - Accounts - Access Work or School - Connect. This works, however, the device still appears as Azure AD Registered and EAS/MDM in Intune. My understanding until now was, if I join the device in the aforementioned way, it would appear as Azure AD Joined in Azure and as EAS/MDM in Intune, bu this isn't the case.

How would I need to proceed, if I wanted to have the device properly join as AAD Joined? Would I have to remove the EAS device entry from Exchange? Would that have any lasting impact on the user? As far as I understand, EAS should "see" the device is managed by Intune, so it shouldn't be a problem, right?

Cheers,

Fred

mem-intune-generalmem-intune-device-configurations
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jason-MSFT avatar image
0 Votes"
Jason-MSFT answered

it would appear as Azure AD Joined

No, what you've described is still a user centric AAD registration.

Are the devices in question already (on-prem) AD domain joined?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crystal-MSFT avatar image
0 Votes"
Crystal-MSFT answered Crystal-MSFT commented

@DEFredEricS, For our issue, I would like to confirm if we enter the Azure AD user email address under "Email address" after we click "Connect". If yes, it will be Azure AD registered. To do Azure AD join, we can choose "Join the device to Azure Actives Directory ".
80911-image.png
Please try the above suggestion. if there's any update, feel free to let us know.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



image.png (72.7 KiB)
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@DEFredEricS,, Hope things are going well? I am writing to see if the above information is helpful. If there's anything else we can hep., feel free to let us know.

Thanks and have a nice day!

0 Votes 0 ·

Hi Crystal,

sorry for the wait, I had to verify a couple of things as I don't have the information first hand. The method used is in fact "connect" and not "join this device [...]" as the latter option does not show up on the clients device, as seen in the following screenshot which was provided to me:

81834-spanishdevice.png

I've asked for the Windows 10 version and build with reference to the supported OS conigurations for Intune/Azure, but have yet to receive an answer.

As soon as I have more information available, I'll update this post.

Cheers,

Fred


0 Votes 0 ·
spanishdevice.png (227.5 KiB)

What about my question above: "Are the devices in question already (on-prem) AD domain joined?"

0 Votes 0 ·

@DEFredEricS,Thanks for the reply. From your description, I know the Azure Ad join option is not there. Could you confirm if the device is already joined to on-premise AD environment which Jason asked? I understand the device is not at hand and we need some tome to get the information. It' s OK. if there's any update, feel free to post back.

Thanks and have a nice day!

0 Votes 0 ·