Bhai, it was an awesome video, such a clear explanation. I have seen a thousand videos, u r the best.
Thank you so much 😀
Thank you so much for this video, it was a great help. I thought it was funny how long it took to sync the device's owner and MDM, but from my experience this seems to be quite common. I typically have to wait a few minutes for the results to display on the Azure side, when a sync is forced through the Access Work or School functionality. It typically takes even longer if I wait for an automatic sync.
Thanks for all your efforts, you are a great instructor.
So nice of you.
This is a wonderful video, and I've learned a lot. Keep up the great work.
Thank you so much. It's very clear and helpful.
Glad to hear that!
I have learned a lot from you, thank you sir ❤❤
Great Video! keep creating more such videos!!! thank you!!!
More to come!
Great video, pls do not stop doing such videos.
Thank you so much, it helps a lot.
Thx for providing informative videos 🙂
Informative as usual. thank you
Nice job ...
Well explained!
When the upn suffix is changed and I login with the new upn suffix does it create a new profile and do I need to migrate user data?
Hi buddy, thanks for your video. A quick question: when we auto-enroll all hybrid joined devices to Intune, does that import all the devices in AD or hybrid joined, or only those devices that are logged on with valid/active users using them? As I have AD with a lot of old devices still in (I need to do some housekeeping), if it only enrolls the devices actively in use then that makes my life easy. Thanks
Does the end user computer need to have the "Company Portal" installed on the device for it to register in Intune? Through all the docs I've seen for Hybrid AAD Join it hasn't been mentioned. But in discussion with some of my colleagues it seems like it might be
Thanks for sharing this how-to video. My question is: our users' UPN on-prem and in M365/Azure are the same, and yet the MDM status still says "None" even after following your procedure (minus adding the Trust part in AD). Any ideas? TIA.
👍👍👍👍👍👍👍👍 thaaaank youuuuuuuuuu
With this option, can we still use GPOs in the local Active Directory? Thank you.
Hi,
I have managed to enroll a hybrid device and add the device to Intune as well, and with the link you sent me on another video, I have managed to sync the AAD user to AD as well. My only concern is, when we log into the device with that synced user, how can we confirm if that is the local AD one or the AAD one, because it's not showing that AAD logo on the user when signed in.
As the Windows initial setup is different for local AD and AAD users, as the AAD user comes up with Windows Hello setup via Intune.
We have 100 users with laptops and they all are On-Prem AD joined. We also have Azure which is syncing with On-Prem. What is the best way to deploy intune for these existing laptops without resetting or wiping any data?
@MSFTWebCast Please reply.
my question is also same
I have a problem. My local domain is the same as the one displayed online. It seems like that it never gets enrolled to the MDM correctly, do you know why? What can I do?
Does this method work for SCCM CO-MANAGE TO INTUNE MANAGE TRANSFERRING?
Is there a way to add the trusted domain suffix to all local users at once?
Yes, you can use a PowerShell script for that. Refer to this video: ua-cam.com/video/t3QlS64X_2Q/v-deo.html
Much more appreciated. Your videos are very informative and helpful.
If I joined Intune using hybrid AD and MDM shows Intune, will it affect the PC connection to Intune when my physical server dies?
Hello, thanks for the video. One thing I am missing in the MDM folder in the GPO editor is "Enable automatic MDM enrollment using default Azure AD credentials". My DC is running on Win Server 2016.
How can I fix this issue?
Thanks again
That is because of older admx templates. You need to update the group policy ADMX and ADML template.
@@MSFTWebCast how do you update that?
Hi all,
There are two options available to encrypt drives:
Option 01. under Endpoint Security > Disk Encryption and
Option 02. through device configuration profiles.
The requirements include saving the key to Azure AD and AD, with the need for silent encryption without a user interface.
My question is,
Q1. for SILENT BITLOCKER ENCRYPTION, which method should we choose, Option 01 or Option 02?
Q2. If we create a profile only under Endpoint Security > Disk Encryption, will the encryption work?
Q3. Or do we need to define BitLocker configuration in Endpoint Security, and use the same settings in the profile under device configuration?
Q4. And the same group assignment for the profiles created in Option 01 and Option 02?
I have followed the exact same steps, but I am missing the INFO button under Windows Settings > Accounts. I confirmed the machine is showing as Hybrid AD Join, and MDM Scope is enabled for this particular group of machines. Azure AD Connect is installed with proper credentials, and the GPO is enabled for MDM. The machines are populating in Azure AD with Hybrid AD Join, but not showing in Intune.
If the Info (or Sync) button is not available, it means the device is not a fully hybrid Azure AD joined device.
1. Run the dsregcmd /status command and check the output.
2. Use the dsregcmd /debug /join command for more information.
3. Check the Task Scheduler. Did you find any task related to device join or device sync?
With MS, sometimes we also need to play the waiting game.
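The checks in the reply above, as an added example that is not part of the original comments: it parses `dsregcmd /status` output into fields and flags the states that commonly stop a hybrid joined device from enrolling. The sample output is constructed, the function names are hypothetical, and the readings of `AzureAdPrt` and `MdmUrl` are the usual troubleshooting interpretations, stated here as assumptions.

```powershell
# Constructed sample of `dsregcmd /status` output (not captured from a real device).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : YES
                DomainName : CONTOSO
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
                    MdmUrl :
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : NO
'@ -split "`r?`n"

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Fields print as "Name : Value"; banner lines start with + or | and are skipped.
        if ($line -match '^\s*(\w+)\s:\s*(.*)$') { $state[$Matches[1]] = $Matches[2].Trim() }
    }
    $state
}

function Test-HybridEnrollmentReadiness {
    param([hashtable]$State)
    $findings = @()
    if ($State['DomainJoined'] -ne 'YES')  { $findings += 'DomainJoined is not YES: device is not joined to on-premises AD.' }
    if ($State['AzureAdJoined'] -ne 'YES') { $findings += 'AzureAdJoined is not YES: the Azure AD side of the hybrid join has not completed.' }
    # Assumption: automatic enrollment with user credentials needs a Primary Refresh Token.
    if ($State['AzureAdPrt'] -ne 'YES')    { $findings += 'AzureAdPrt is not YES: the signed-in user has no Azure AD token on this device.' }
    # Assumption: an empty MdmUrl usually means the user is outside the MDM user scope.
    if ([string]::IsNullOrEmpty($State['MdmUrl'])) { $findings += 'MdmUrl is empty: no MDM enrollment endpoint was returned for this user.' }
    $findings
}

Test-HybridEnrollmentReadiness (ConvertFrom-DsregStatus $sample)

# On a real device, replace the sample with live data and list the join task (step 3):
#   Test-HybridEnrollmentReadiness (ConvertFrom-DsregStatus (dsregcmd /status))
#   Get-ScheduledTask -TaskPath '\Microsoft\Windows\Workplace Join\' | Select-Object TaskName, State
```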
Hey, sorry, my English is very bad, but I had the same problem. I fixed it when I stopped the MFA or Conditional Access and restarted the computer, and the account can log in or complete the MFA if you haven't completed it.
I have the same issue now, did you get it resolved?
Hi, I'm not getting the option in GPO to enable automatic enrollment. What should I do?
Which server do you have? Maybe it's due to an old administrative template.
Hi, I don't have an on-premises Windows Server environment, I only have Azure AD. Then how can I implement GPO and print service for the devices linked with Azure AD?
Do you have any idea about how to move devices in Azure AD to Intune?
@@chennuvijayalakshmi2594 My devices all connect with Azure AD (Free) because I have Microsoft 365 Business licenses. But I need to purchase Intune for each user, I guess.
Is there a document that summarizes this? It would be a 5 minute read instead of 20 minutes to watch this.
You can find the official doc on TechNet.
Superb