Intune Autopilot with Hybrid Azure/Entra AD Join | Complete Walkthrough

Introduction

This tutorial provides a comprehensive guide to setting up and deploying Windows Autopilot with Hybrid Azure AD Join using Microsoft Intune. It is designed for IT administrators who want to streamline device provisioning and management in enterprise environments. We will cover everything from prerequisites to troubleshooting tips, ensuring you have all the necessary information for a successful implementation.

Step 1: Understand Windows Autopilot and Hybrid Azure AD Join

• Windows Autopilot: A deployment technology that simplifies the setup and configuration of new devices.
• Hybrid Azure AD Join: A method that allows devices to be joined to both on-premises Active Directory and Azure Active Directory, facilitating a seamless user experience.

Step 2: Add Devices to Autopilot

Prerequisites

• Ensure the devices are registered with the Windows Autopilot service.

How to Register Devices

1. Export the hardware IDs from the devices.
2. Upload the CSV file to the Windows Autopilot service via the Microsoft Endpoint Manager admin center.

Step 3: Configure Automatic MDM Enrollment

Using Group Policy Objects (GPO)

1. Open the Group Policy Management Console.
2. Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > MDM.
3. Enable the setting for automatic enrollment in MDM.

Step 4: Configure Autopilot Profiles in Intune

Creating an Autopilot Profile

1. Sign in to the Microsoft Endpoint Manager admin center.
2. Go to Devices > Windows > Windows enrollment > Deployment profiles.
3. Click on Create profile and define the settings for the user experience.

Step 5: Set Up Hybrid Azure AD Join

Configuration Steps

1. Ensure Azure AD Connect is installed and configured.
2. Validate the synchronization of Active Directory and Azure AD.
3. Set the appropriate join type in Azure AD Connect.

Step 6: Domain Join Connector Setup and Validation

Install the Intune Connector

1. Download the Intune Connector for Active Directory.
2. Install it on a server that can communicate with both your on-premises AD and the Intune service.
3. Validate the connection to ensure it is properly configured.

Step 7: Configure the Enrollment Status Page (ESP)

Setting Up ESP

1. In the Endpoint Manager admin center, navigate to Devices > Windows > Enrollment Status Page.
2. Create a new Enrollment Status Page configuration.
3. Set the desired status messages and conditions for when enrollment is considered complete.

Step 8: Run through the Out of Box Experience (OOBE)

Testing the Setup

1. Start a new device and go through the OOBE process.
2. Ensure the device connects to the network and starts the Autopilot deployment.
3. Monitor the enrollment status to verify successful configuration.

Step 9: Handle Common Issues

Troubleshooting Tips

• If devices fail to register, check the hardware ID registration process.
• Monitor Azure AD Connect synchronization for any errors.
• Use logs in Intune to diagnose enrollment issues.

Conclusion

By following these steps, you can successfully set up and deploy Windows Autopilot with Hybrid Azure AD Join using Microsoft Intune. This process enhances device provisioning and management, making it easier for IT administrators to maintain enterprise environments. For further exploration, consider diving into specific troubleshooting techniques or advanced configurations based on your organizational needs.