BCKHACH-4044 asked ·

Azure - Duplicate device won't register in Intune - Want Hybrid only

We have some rogue Windows 10 devices registering as both AAD joined and Hybrid Registered.
Those that are Hybrid only are in Intune and mostly compliant.

These duplicate devices won't appear in Intune Endpoint management.
The OS is 1803 or later.

They receive a GPO with these two settings:
Register domain joined computers as devices - Enabled
Enable automatic MDM enrollment using default Azure AD credentials - Enabled

They schedule two tasks:
MDMMaintenenceTask - No errors
Schedule created by enrollment client for automatically enrolling in MDM from AAD - error "0x803e0114"

Not sure what to do to re-register the devices so they appear in Intune.


azure-active-directory

1 Answer

NeeleshRay-4461 answered ·

@BCKHACH-4044

First, I would suggest you check the join status of the said devices.
1. Open a command prompt as an administrator
2. Then type dsregcmd /status

In the result, check the values for DomainJoined and AzureAdJoined.

If the DomainJoined field is YES, it indicates the device is joined to an on-premises Active Directory.

Now, to remove the devices completely (then have them rejoin) - Disable or delete Windows 10 devices in your on-premises AD, and let Azure AD Connect synchronize the changed device status to Azure AD.
NOTE: Deleting devices in your on-premises AD or Azure AD does not remove registration on the client. It will only prevent access to resources using the device as an identity.

Now, to remove the registration from the client completely, make sure to turn off automatic registration. Then the scheduled task doesn't register the device again. Next, open a command prompt as an administrator and enter dsregcmd.exe /debug /leave

Now, reboot the device. Make sure that the entries have been removed from your on-premises AD and Azure AD.
After that, run through the hybrid registration steps again.

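The join-status check from the answer above, as an added PowerShell example that is not part of the original answer: it parses `dsregcmd /status` output and reports whether the device is hybrid joined, Azure AD joined only, or domain joined only. `Get-DsregJoinState` is a hypothetical helper name, and the sample output is constructed.

```powershell
# Added example: classify a Windows device from `dsregcmd /status` output.
# Get-DsregJoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-DsregJoinState {
    param(
        # Output lines to parse; by default, run dsregcmd on the local device.
        [string[]]$StatusText = (& dsregcmd.exe /status)
    )

    # Collect "Name : Value" lines; banner lines starting with + or | are skipped.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$' -and
            -not $fields.ContainsKey($Matches[1])) {
            $fields[$Matches[1]] = $Matches[2]   # keep the first occurrence
        }
    }

    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'

    $state = if ($aad -and $domain) {
        'Hybrid Azure AD joined'
    } elseif ($aad) {
        'Azure AD joined (not domain joined)'
    } elseif ($domain) {
        'Domain joined only (not registered in Azure AD)'
    } else {
        'Not joined'
    }

    [pscustomobject]@{
        State         = $state
        AzureAdJoined = $fields['AzureAdJoined']
        DomainJoined  = $fields['DomainJoined']
        DeviceId      = $fields['DeviceId']
    }
}

# Constructed sample output (placeholder domain name and device ID).
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : EXAMPLE
                  DeviceId : 00000000-0000-0000-0000-000000000000
'@ -split '\r?\n'

Get-DsregJoinState -StatusText $sample   # State: Hybrid Azure AD joined
```

Called with no arguments, the function runs `dsregcmd.exe /status` on the local device. Running it before and after `dsregcmd.exe /debug /leave` shows whether the client-side registration was actually removed.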