question

SUNILKUMAR-4950 avatar image
1 Vote"
SUNILKUMAR-4950 asked RP-2478 answered

From Azure AD Registered To Azure AD Joined

My organization has 500+ Azure AD registered devices(Remote Too). Now we want to mange these devices with Intune and want to convert these devices from Azure AD registered to Azure AD joined. What is the best way to do the same?

azure-rbac
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

vipulsparsh-MSFT avatar image
0 Votes"
vipulsparsh-MSFT answered

@SUNILKUMAR-4950 This has been a common movement requirement now. many other companies are also trying to shift towards complete Azure AD Joined state.
Although the move is not a very straight forward or MS has not provided any migration path for same.

The device state (Azure AD registered and Azure AD Joined ) were both for a different scenario, where AAD registered were for personal devices for corporate resource access and Azure AD joined for corporate devices to utilize more features like SSO and device management.

There are many ways to achieve this, it all depends on which route would be easier for you.

1) Azure AD Joined via Autopilot which needs Intune
This requires you to fetch the hardware hash from all devices and upload them into Intune, followed by Autopilot profile to be targeted to all devices.
This is a easier way for bulk enrollment and management. Make sure that you will have to clean up the Azure AD registered device entries from Azure AD portal.

2) Involve users to perform AAD Join
If you have small group who can perform some extra steps to convert their devices from registered to joined, you can disconnect the devices from settings, work and School account, followed by deleting the entry from Azure portal.
Then go to settings - Work or school account - Join to Azure AD option.

The methods depend upon which route you want to choose. Let me know if you have any questions.



If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

TarunKantiMondal avatar image
0 Votes"
TarunKantiMondal answered

How do I collect Hardware hash ?
and do I need to collect Hardware hash manually ?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RP-2478 avatar image
0 Votes"
RP-2478 answered

From Windows PowerShell ISE Admin mode
Run the first line in the powershell window to allow scripts to run , Select all

Set-ExecutionPolicy Unrestricted

Type the following lines in a new script. The path C:\HWID can be changed to your likening

New-Item -Type Directory -Path "C:\HWID"
Set-Location -Path "C:\HWID"
$env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo -OutputFile AutoPilotHWID.csv


Retrieve the file AutopilotHWID.CSV and upload to Intune endpoint.mictrosoft.com > Devices > Enroll Devices > Windows Autopilot Deployment Program > Devices > Import . Allow 30 minutes for the device to be ready.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.