That was a good, concise explanation of the process. Our organization is running hybrid AAD in a global tenant and this is pretty much how we do it, scaled up for enterprise with extras like group tags, ztdids, enrollment status page, dynamic azure groups, app bundles.
I’d be interested in seeing a well made video of using the group policy remediation tool in real world situations and another for universal print.
I found this video before trying the setup and I am glad I did. It worked perfectly!! Thanks!!!
You’re the best man!!! Was struggling a lot bro!
Thank you so much for all the teachings you've been sharing; it's been very helpful to me. Could you create a video about having two environments running simultaneously in Intune with Autopilot? I'm looking to manage hybrid machines and 100% Azure machines being added simultaneously. I've attempted to replicate this, but I'm having trouble understanding how to do it or getting it to work. Thank you!
You will need to create a second profile for the Azure only Autopilot, I explained it in this video here:
Autopilot Azure AD Join
ua-cam.com/video/AVSvhcTHy78/v-deo.html
Kudos to you, excellent video!
Brilliant! Excellent work.
I have one question: Is the 'Device Writeback' a mandatory requirement when implementing Windows Autopilot Hybrid Join? What’s its purpose, especially since the Intune connector is used for joining devices to Active Directory?
It is not mandatory and Autopilot should work fine without it.
thank you for this video 🙂
For me, the device gets stuck on the ESP page at account setup (joining the organisation network) after entering domain credentials. I ran the delta sync in AD Connect, but no change; it still waits at the same page.
Did you find the solution?
Does your device meet the requirements? ESP needs a TPM, more than 2 cores in your processor, Secure Boot and a 64-bit OS.
Excellent video, really helped. I am setting devices up remotely for hybrid Intune. I can see the device in the server and in the cloud, but I am not able to sign in to the device because it cannot communicate with the server. Is there a way, like with normal Intune, that it can sign in with the Office 365 credentials rather than the domain credentials?
The device has to contact the DC to authenticate if hybrid joined. You can pre-connect to VPN if this is an option; otherwise, if this device will never connect with the DC and you want to log in with the Office 365 credentials, then you can watch the video on connecting to Azure AD only, not hybrid join.
Hello, nice video. Just want to ask, will all on-prem Group Policies be applied?
If you have GPOs inherited or applied to the OU that the session hosts are in, then yes, they will apply.
@@TechConect ohhh really... then yes, we want to deploy hardening GPOs and security policies as well. But again, reconfirming: without the user connecting to the office network, will all GPOs get applied with this setup? Or does the user need to connect to the office network once to apply the GPOs? Please reply.
Unless the PC contacts the domain controller to get the GPOs, nothing will apply, so they will need to connect using VPN or be in the office.
If they do not connect to the office network at all, then I don't see the value in doing hybrid join; rather, you can do Azure AD join and create/apply the policies from Intune directly.
Here is a video that shows you how to set up Azure AD join. ua-cam.com/video/AVSvhcTHy78/v-deo.html
@@TechConect OK, got it. I followed all steps as per your Hybrid Autopilot video, but at the end I am not able to log in to the machine using a domain user. It is strange. I am getting an error on first login: "We cannot sign in with this credential because the domain is not available". Do you know how to solve this problem?
Verify that the Autopilot PC joined the domain by looking in the OU in Active Directory, and if it did, then verify that the PC can reach the domain controller. In my demo, the PC and domain controller were at the same site.
I'm not seeing the white glove pre-provisioning. Will this work on this type of setup?
Yes, when creating the profile, select Yes for the option Allow pre-provisioned deployment and it should work.
This is a great video
Great Video!!
Don't you need a pre-login VPN configuration in order for the user to authenticate to the domain to log in for the first time? I am currently doing this for my org and am testing to see if it will work.
As I explained in the topology, I have the PC and the DC at the same location, but if your PC is not, then you will need to set up VPN to pre-connect.
So with this setup I can deploy local GPOs to it (printers, drive mappings, etc.), and if I get new machines I can deploy Intune apps and config profiles to build the new machines, best of both worlds?
Correct
Why is the device writeback option configured in AAD Connect? What's the purpose, and why is it needed for hybrid AD join scenarios?
Although writeback is not a requirement, several times when I did not have it enabled I ran into all kinds of issues, including but not limited to having 2 devices for the same PC in Azure without consolidation.
How much time did it take to reach the Windows login screen after putting in your credentials? Have you tried pre-provisioning?
It took about one hour, the time depends on your location and Internet speed.
I followed all of these steps and it went smoothly, except my test device gets stuck on "Please wait while we set up your device..." Any tips? It never populates in the OU I created in AD.
1. Verify that the device can reach the domain controller
2. Verify the Intune AD connector is healthy in the portal.
3. Check the event logs on the device for any errors or warnings
4. Verify AD Connect is configured for hybrid join
5. Verify that you applied the correct permissions to the OU
6. Test with a different device
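Steps 1 and 3 of the reply above can be scripted on the stuck device itself. The following is an added example, not code from the video or from anyone in this thread; it is meant to be run from the elevated command prompt you get with Shift+F10 on the OOBE/ESP screen (start `powershell` from it). The domain name is an assumption; the event log names are the standard Windows logs for provisioning, device registration, MDM enrollment and Autopilot, and any that are absent on a given build are simply skipped.

```powershell
# Added example, not from the video or the thread: client-side checks for a
# hybrid Autopilot device stuck at "Please wait while we set up your device".
# Run from an elevated PowerShell opened via Shift+F10 on the OOBE screen.
param(
    [string]$Domain = 'corp.example.com'   # assumption: your on-prem AD DNS domain
)

# 1. DNS: can this network even locate a domain controller? The offline domain
#    join blob that the Intune Connector hands the device is useless if not.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    Write-Warning "No DC SRV records for $Domain. DNS here does not point at AD, so the domain join and first logon cannot complete."
} else {
    $dcs = $srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object -ExpandProperty NameTarget -Unique
    foreach ($dc in $dcs) {
        # Kerberos (88), LDAP (389) and SMB (445) are the minimum the join and first logon need.
        foreach ($port in 88, 389, 445) {
            $ok = (Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
            '{0}:{1} reachable={2}' -f $dc, $port, $ok
        }
    }
}

# 2. Join state as Windows sees it. For hybrid Autopilot you expect DomainJoined : YES
#    once the ODJ blob has applied, and AzureAdJoined : YES after the device registers.
dsregcmd /status | Select-String 'AzureAdJoined|DomainJoined|DomainName|TenantName'

# 3. Errors and warnings from the last four hours in the logs that matter for this phase.
$logs = @(
    'Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin',                 # provisioning / ODJ
    'Microsoft-Windows-User Device Registration/Admin',                           # Azure AD / hybrid registration
    'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin',   # Intune MDM enrollment
    'Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot'           # Autopilot profile download
)
foreach ($log in $logs) {
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 1, 2, 3; StartTime = (Get-Date).AddHours(-4) } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Log'; e = { $log } }, @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } } |
        Format-Table -AutoSize
}
```

If step 1 fails, nothing in steps 2 and 3 matters yet: the device has to reach a DC, either on the office network or over a pre-login VPN, exactly as the replies above say. If step 1 passes but DomainJoined stays NO, the problem is on the server side (connector health, OU permissions, or the computer object never being created).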
Thanks for another great video. Everything made complete sense except: since you had 2 deployment profiles, how did Intune know to assign the hybrid deployment profile instead of the other one, which I can assume was for non-domain-joined PCs?
How does Intune know what deployment profile to assign to that specific machine?
Are you using some kind of rule/query?
I assigned the Intune Devices Group to the Hybrid profile and that's how Intune knows.
Please watch the Video again, you will hear me talking about it.
@@TechConect I heard that very clearly; my confusion came in when I noticed you had 2 deployment profiles. Is the second deployment profile assigned to a second dynamic device group, for example for the standard Azure AD-only devices? And if so, the 2 dynamic device groups must be using different queries.
And on that note, how did your VM know which group to put itself in to get the Hybrid Autopilot deployment profile instead of the 2nd one?
I'm trying to be as clear as possible, but I am limited because English is not my first language; you should understand what I am trying to convey.
Thanks again
@@BACKSPIN9ball Yes, a different dynamic group; you can create a group using a different query, like device name starts with LT-.
But generally companies do either hybrid join or Azure AD join, not both.
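The two disjoint dynamic groups the replies above describe, as an added example that is not from the video or the thread. It uses the Microsoft Graph PowerShell SDK (`Microsoft.Graph.Groups` module, `Group.ReadWrite.All` consent); the group names, the `LT-` prefix and the group tags `Hybrid` and `AADJ` are assumptions. The first rule is the name-prefix query the reply suggests; the other two key on the Autopilot group tag, which Intune stamps on the device identity as `[OrderID]:<tag>` when the hardware hash is uploaded, so membership does not change if the device is renamed later.

```powershell
# Added example, not from the video: two dynamic device groups so that a
# hybrid Autopilot profile and an Azure AD-only profile can coexist without
# a device ever matching both. Group names and tags are assumptions.
Import-Module Microsoft.Graph.Groups
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

function New-AutopilotDynamicGroup {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Rule
    )
    # MailNickname must be unique and contain no spaces or punctuation.
    New-MgGroup -DisplayName $Name `
                -MailEnabled:$false -SecurityEnabled:$true `
                -MailNickname ($Name -replace '[^A-Za-z0-9]', '') `
                -GroupTypes 'DynamicMembership' `
                -MembershipRule $Rule `
                -MembershipRuleProcessingState 'On'
}

# Rule as suggested in the reply: match on the device name prefix.
$byNamePrefix = '(device.displayName -startsWith "LT-")'

# Rules keyed on the Autopilot group tag. Tags are disjoint, so a device can
# only ever land in one of the two groups and therefore gets exactly one profile.
$hybridByTag  = '(device.devicePhysicalIds -any (_ -eq "[OrderID]:Hybrid"))'
$aadjByTag    = '(device.devicePhysicalIds -any (_ -eq "[OrderID]:AADJ"))'

$hybridGroup = New-AutopilotDynamicGroup -Name 'Autopilot Hybrid Devices'  -Rule $hybridByTag
$aadjGroup   = New-AutopilotDynamicGroup -Name 'Autopilot AAD Join Devices' -Rule $aadjByTag

# The hybrid profile is then assigned to $hybridGroup and the Azure AD join profile
# to $aadjGroup in the Intune portal, as in the video. Print the IDs for that step.
$hybridGroup, $aadjGroup | Select-Object DisplayName, Id, MembershipRule
```

The reason for disjoint rules is practical: if one device matches groups carrying two different Autopilot profiles, the assignment conflicts and the device gets an unpredictable profile, which is the symptom behind the question above. Name-prefix rules like `$byNamePrefix` work, but only if the naming template in each profile is enforced and nobody renames devices afterwards.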
Are you not configuring the ESP (enrollment status page)?
I did not configure it in this demo, but it's good practice to configure it.
Exactly where should the Azure AD connector be installed (on the DC or another device)?
AD Connect can be installed on any domain-joined server or DC.
Thank you so much for the detailed video. Can you please create one video on pre-provisioning?
There are 2 links in the description that show how to upload hashes and create a dynamic group.
Can you please confirm if, instead of running the script in the OOBE, you can configure Intune auto-registration in the Azure registration setup options?
Usually if you are purchasing PCs from a vendor like Dell, they can pre-register them through the Microsoft API.
very good.
Thanks for the video, but my machine cannot reach the domain.
Did you solve it?
Why did you have to run cmd commands?
Just to speed things up, but usually AD Connect runs every half hour.
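The server-side counterpart to the troubleshooting list earlier in the thread, and the sync-cycle check behind the half-hour remark above, as an added example that is not from the video. It is meant to run on the AD Connect server (the `ADSync` module is only present there) with the `ActiveDirectory` RSAT module available; the OU distinguished name and the connector host name are assumptions.

```powershell
# Added example, not from the video: server-side checks for hybrid Autopilot.
# Run on the AD Connect server. OU path and connector server name are assumptions.
$AutopilotOU     = 'OU=Autopilot,DC=corp,DC=example,DC=com'   # assumption: OU given to the Intune Connector
$ConnectorServer = 'SRV-INTUNECONNECTOR'                       # assumption: host running Intune Connector for AD
$Since           = (Get-Date).AddHours(-2)

Import-Module ActiveDirectory
Import-Module ADSync

# 1. Did the Intune Connector create the computer object in the OU at all?
#    AD Connect only syncs a computer object to Azure AD once userCertificate is
#    populated, so an object with HasCert = False will not show up in the tenant yet.
Get-ADComputer -SearchBase $AutopilotOU -Filter { whenCreated -ge $Since } -Properties whenCreated, userCertificate |
    Select-Object Name, whenCreated, @{ n = 'HasCert'; e = { [bool]$_.userCertificate } }

# 2. The connector runs as the server's computer account and needs rights to create
#    and delete computer objects on this OU. Listing its ACEs confirms the delegation
#    landed on the right OU, which is step 5 of the reply earlier in the thread.
$acl = Get-Acl -Path "AD:\$AutopilotOU"
$acl.Access |
    Where-Object { $_.IdentityReference -like "*\$ConnectorServer`$" } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, InheritanceType

# 3. Sync scheduler state. The default AllowedSyncCycleInterval is 30 minutes,
#    which is the "half hour" the reply refers to.
Get-ADSyncScheduler |
    Select-Object AllowedSyncCycleInterval, CurrentlyEffectiveSyncCycleInterval,
                  NextSyncCycleStartTimeInUTC, SyncCycleEnabled, SyncCycleInProgress

# 4. Force a delta sync so the new computer object reaches Azure AD now instead of
#    at the next scheduled cycle. Never start one while a cycle is already running.
if (-not (Get-ADSyncScheduler).SyncCycleInProgress) {
    Start-ADSyncSyncCycle -PolicyType Delta
} else {
    Write-Warning 'A sync cycle is already in progress; wait for it to finish before forcing another.'
}
```

If step 2 returns nothing, the connector cannot create the object and the device will sit at "Please wait while we set up your device" indefinitely. If step 1 shows the object but without a certificate, the device has not yet applied the join, which points back at DC reachability on the client rather than at AD Connect.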