Not exactly what you're looking for, but you could send out a USB key that contains a script to automatically upload the hardware hash and assign a group tag. You could take some ideas from https://www.youtube.com/watch?v=nelpwJLQJDk
Test it out before you do it in production, but you should be able to change the Intune Connector for Active Directory service (from services.msc) to run as an AD user account, and that account needs to have permissions in all domains as specified here: https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid#increase-the-computer-account-limit-in-the-organizational-unit. You can't control which connector receives the request (it's first come, first served), which is why it needs permissions to create computer objects in all domains, as noted here: https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid#install-the-intune-connector
The docs state:
https://docs.microsoft.com/en-us/mem/intune/protect/certificate-connector-prerequisites#azure-active-directory-user
"When configuring the connector, you'll need to use a user account that: is either a Global Admin or Intune Admin, has an Intune license assigned, and must be a synchronized account from your local Active Directory."
So you're using PKCS instead of SCEP? If so, did you follow the documentation exactly to create the cert template? Mainly around the private key part - https://docs.microsoft.com/en-us/mem/intune/protect/certificates-pfx-configure#configure-certificate-templates-on-the-ca
If you are using a task sequence to reimage, you can run a script to get the HW hash and authenticate using graph and Azure app registration. See https://www.youtube.com/watch?v=erUTkLY_MHo
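The two approaches above (a script on a USB key, or a step in a reimaging task sequence) both boil down to the same thing: read the hardware hash off the device and post it to the Autopilot import endpoint in Microsoft Graph with a group tag. The script below is an added example written for this thread; it is not the poster's code and not the script from either linked video. It assumes an Azure AD app registration that has been granted the application permission `DeviceManagementServiceConfig.ReadWrite.All` with admin consent, and the tenant ID, client ID, client secret and group tag are placeholders/constructed values you must replace. It must run elevated on the physical device, since the hardware hash comes from the MDM bridge WMI provider.

```powershell
# Added example (not from the original thread): collect the Autopilot hardware hash
# locally and upload it to Intune via Microsoft Graph with a group tag.
# Assumptions: app registration with DeviceManagementServiceConfig.ReadWrite.All
# (application permission, admin-consented). All IDs/secrets below are placeholders.

param(
    [string]$TenantId     = '<tenant-id-placeholder>',
    [string]$ClientId     = '<app-client-id-placeholder>',
    [string]$ClientSecret = '<client-secret-placeholder>',
    [string]$GroupTag     = 'Finance-Laptops'   # constructed sample group tag
)

function Get-AutopilotHardwareInfo {
    # Serial number from the BIOS; hardware hash from the MDM bridge WMI provider
    # (the same source the Get-WindowsAutoPilotInfo script reads).
    $serial    = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
    $devDetail = Get-CimInstance -Namespace 'root/cimv2/mdm/dmmap' `
        -ClassName 'MDM_DevDetail_Ext01' `
        -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
    if (-not $devDetail -or -not $devDetail.DeviceHardwareData) {
        throw 'Hardware hash not available: run elevated on the physical device (not a VM without TPM).'
    }
    [pscustomobject]@{ SerialNumber = $serial; HardwareHash = $devDetail.DeviceHardwareData }
}

function Get-GraphToken {
    param([string]$TenantId, [string]$ClientId, [string]$ClientSecret)
    # Client-credentials flow: no interactive sign-in, which is what a task sequence needs.
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
    $resp = Invoke-RestMethod -Method Post `
        -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
        -Body $body -ContentType 'application/x-www-form-urlencoded'
    return $resp.access_token
}

function Import-AutopilotDevice {
    param([string]$Token, [string]$SerialNumber, [string]$HardwareHash, [string]$GroupTag)
    # Same endpoint and payload shape the Get-WindowsAutoPilotInfo script uses.
    $base    = 'https://graph.microsoft.com/beta/deviceManagement/importedWindowsAutopilotDeviceIdentities'
    $headers = @{ Authorization = "Bearer $Token"; 'Content-Type' = 'application/json' }
    $payload = @{
        '@odata.type'      = '#microsoft.graph.importedWindowsAutopilotDeviceIdentity'
        groupTag           = $GroupTag
        serialNumber       = $SerialNumber
        productKey         = ''
        hardwareIdentifier = $HardwareHash
        state              = @{
            '@odata.type'        = 'microsoft.graph.importedWindowsAutopilotDeviceIdentityState'
            deviceImportStatus   = 'pending'
            deviceRegistrationId = ''
            deviceErrorCode      = 0
            deviceErrorName      = ''
        }
    } | ConvertTo-Json -Depth 5

    $import = Invoke-RestMethod -Method Post -Uri $base -Headers $headers -Body $payload

    # The import is asynchronous: poll until the service reports a final status.
    for ($i = 0; $i -lt 30; $i++) {
        Start-Sleep -Seconds 10
        $status = Invoke-RestMethod -Method Get -Uri "$base/$($import.id)" -Headers $headers
        if ($status.state.deviceImportStatus -notin @('unknown', 'pending')) { return $status }
    }
    throw "Import of serial $SerialNumber did not complete within the polling window."
}

# --- main flow -------------------------------------------------------------
$hw     = Get-AutopilotHardwareInfo
$token  = Get-GraphToken -TenantId $TenantId -ClientId $ClientId -ClientSecret $ClientSecret
$result = Import-AutopilotDevice -Token $token -SerialNumber $hw.SerialNumber `
    -HardwareHash $hw.HardwareHash -GroupTag $GroupTag

if ($result.state.deviceImportStatus -eq 'complete') {
    Write-Output "Imported $($hw.SerialNumber) with group tag '$GroupTag'."
} else {
    Write-Warning "Import failed: $($result.state.deviceErrorName) ($($result.state.deviceErrorCode))"
}
```

Design note: whatever carries this script (USB key or task sequence media) also carries the app credential, so scope the app registration to the single Autopilot import permission and rotate the secret (or use a certificate credential) rather than reusing a broader automation identity. The poll loop matters because a `complete` status is the only confirmation the hash was accepted; the initial POST returning 201 only means the request was queued.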
See the note here https://docs.microsoft.com/en-us/windows/whats-new/windows-11-plan#windows-11-availability
"If you use Windows Update for Business to manage feature update deployments today, you will need to leverage the Target Version policy rather than Feature Update deferrals to move from Windows 10 to Windows 11. Deferrals are great for quality updates or to move to a newer version of the same product (for example, from Windows 10, version 20H2 to 21H1), but they cannot migrate a device between products (from Windows 10 to Windows 11).
Also, Windows 11 has a new End User License Agreement. If you are deploying with Windows Update for Business Target Version or with Windows Server Update Services, you are accepting this new End User License Agreement on behalf of the end-users within your organization."
https://twitter.com/ariaupdated/status/1441056423564087297
"Your managed devices will NOT automatically upgrade to #Windows11.
For #WUfB you'll need to specifically select/enter "Windows 11" on the Feature Update Deployments page in Intune or the Target release version policy. Deferrals alone won't move you to windows 11."
The licenses need to be assigned. Go into the Azure AD portal (aad.portal.azure.com), go to Users, select an example user, then Licenses. What type of licenses do the users have assigned?
Have you looked at using Autopilot and self-deploying mode then? https://docs.microsoft.com/en-us/mem/autopilot/self-deploying
Looks like Azure services haven't been configured. On the link I posted, you need to make sure the prerequisites are met to do the sync.