Now that we have added the existing computers to Azure AD in Hybrid Join mode, there are a few more steps that need to be completed before each one becomes an Intune managed device.
Just the tip of the iceberg
This part only shows how to get the device into Intune for MDM and MAM. You will still have to create the Device Configuration profile(s), add apps and combine them in a Policy Set assigned to user groups, and also create the Endpoint Security profiles.
A GPO needs to be applied to the Hybrid Azure AD joined computers so that they enroll and show up in the Intune portal.
Applies to: Windows 10
Computer Configuration > Policies > Administrative Templates > Windows Components > MDM > Enable automatic MDM enrollment using default Azure AD credentials > set to Enabled and choose User Credential as the credential type
Once this is applied, run an Azure AD Connect delta sync once and have the user sign out and back in to the computer. Two prerequisites are easy to miss: the user needs an Intune licence, and the MDM user scope in Azure AD (Mobility (MDM and MAM) > Microsoft Intune) must include that user, otherwise the automatic enrollment fails.
Intune will now register the device, and you can start pushing policies and managing it just as you would an Autopilot-enrolled computer.
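Before going any further when a machine does not appear in Intune, check the local state the GPO and the enrollment client leave behind. The script below is an added example and is not part of the original post; it assumes an elevated PowerShell session on the Hybrid Azure AD joined computer and reads the registry values the GPO writes, the join status from dsregcmd, the auto-enrollment scheduled task, the enrollment record under HKLM\SOFTWARE\Microsoft\Enrollments and the enrollment event log.

```powershell
# Added verification script; not from the original post. Run in an elevated PowerShell
# session on the Hybrid Azure AD joined computer after the GPO has applied, the delta
# sync has run and the user has signed back in.

# 1. Values the GPO writes. If they are missing the policy never reached this machine
#    (check gpresult /h before looking anywhere else).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
'AutoEnrollMDM        : {0}  (expected 1)' -f $policy.AutoEnrollMDM
'UseAADCredentialType : {0}  (expected 1 = User Credential, 2 = Device Credential)' -f $policy.UseAADCredentialType

# 2. The device must already be Hybrid Azure AD joined; enrollment cannot start before
#    AzureAdJoined shows YES, and MdmUrl should point at enrollment.manage.microsoft.com.
dsregcmd /status | Select-String 'AzureAdJoined|DomainJoined|TenantName|MdmUrl'

# 3. The task that performs the enrollment is created once the policy applies.
$task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\' -ErrorAction SilentlyContinue |
        Where-Object TaskName -like 'Schedule created by enrollment client*'
if ($task) { $task | Get-ScheduledTaskInfo | Select-Object TaskName, LastRunTime, LastTaskResult }
else       { 'Auto-enrollment scheduled task not found yet' }

# 4. A successful Intune enrollment leaves a record with ProviderID "MS DM Server".
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
    Where-Object ProviderID -eq 'MS DM Server' |
    Select-Object UPN, EnrollmentState, EnrollmentType, DiscoveryServiceFullURL

# 5. Event 75 = auto-enrollment succeeded, 76 = failed (the message carries the error code).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
    Id      = 75, 76
} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# Optional: trigger the enrollment now instead of waiting for the task's next run.
# This is the same action the scheduled task executes.
# & "$env:windir\System32\deviceenroller.exe" /c /AutoEnrollMDM
```

If step 1 shows both values but step 5 only shows event 76, the usual causes are the user lacking an Intune licence or falling outside the MDM user scope, which no amount of re-running the task will fix.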
Additionally, if you think you might later need to run Autopilot on the machine, import its hardware hash into the Windows Autopilot devices list now; the next time the computer is reset, Autopilot will take over and Intune will handle the rest.
To add the device manually you need its hardware hash (the "device ID" Autopilot uses to recognise the machine). How do you get it?
Run the commands below in an elevated PowerShell prompt on the machine and grab the file AutoPilotHWID.csv that is stored in C:\HWID.
# Run from an elevated PowerShell prompt on the target computer
New-Item -Type Directory -Path "C:\HWID"
Set-Location -Path "C:\HWID"
# Install-Script places the script here; make sure it is on the PATH for this session
$env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
# Writes the serial number, product ID and hardware hash to AutoPilotHWID.csv in C:\HWID
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv
Now go to the Intune portal > Devices > Enroll devices > Windows enrollment > Devices (under "Windows Autopilot Deployment Program") > Import > select the CSV produced by the script above. This uploads the hardware hash and registers the device with Autopilot, so the next time the computer is reset it will run Autopilot.
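When the hash is collected from more than one computer, it pays to check the CSV files before uploading them: the portal rejects a file whose header is wrong or that has more than 500 rows, and a duplicate serial usually means one machine was collected twice. The script below is an added example, not code from the post or from Microsoft; the column names are the ones Get-WindowsAutoPilotInfo writes, the 500-row limit is the portal's per-file import limit, and the sample files under $env:TEMP are constructed for the demonstration.

```powershell
# Added example; not from the original post. Validates AutoPilotHWID.csv files collected
# from several machines and merges the good ones into a single import file.
# Column names are those Get-WindowsAutoPilotInfo writes; 500 rows is the portal's limit.
# The sample rows and $env:TEMP paths below are constructed for illustration only.

$ExpectedHeaders  = 'Device Serial Number', 'Windows Product ID', 'Hardware Hash'
$MaxRowsPerImport = 500

function Test-AutopilotCsv {
    # Valid = $true only when the file has the expected columns, no empty or
    # non-base64 hashes, no duplicate serials and at most 500 rows.
    param([Parameter(Mandatory)][string]$Path)

    $problems = New-Object System.Collections.Generic.List[string]
    $rows = @(Import-Csv -Path $Path)

    if ($rows.Count -eq 0) {
        $problems.Add('no data rows')
    } else {
        $headers = $rows[0].PSObject.Properties.Name
        foreach ($h in $ExpectedHeaders) {
            if ($h -notin $headers) { $problems.Add("missing column '$h'") }
        }
        if ($rows.Count -gt $MaxRowsPerImport) {
            $problems.Add("$($rows.Count) rows exceeds the $MaxRowsPerImport-row limit; split the file")
        }
        $rows | Group-Object 'Device Serial Number' | Where-Object Count -gt 1 |
            ForEach-Object { $problems.Add("duplicate serial '$($_.Name)'") }

        foreach ($r in $rows) {
            $serial = $r.'Device Serial Number'
            $hash   = $r.'Hardware Hash'
            if ([string]::IsNullOrWhiteSpace($hash)) {
                $problems.Add("empty hardware hash for serial '$serial'")
                continue
            }
            # The hash is a base64 blob; anything else means the file was hand-edited or truncated.
            try   { [void][Convert]::FromBase64String($hash) }
            catch { $problems.Add("hardware hash for serial '$serial' is not valid base64") }
        }
    }

    [pscustomobject]@{
        Path     = $Path
        Rows     = $rows.Count
        Valid    = ($problems.Count -eq 0)
        Problems = $problems
    }
}

function Merge-AutopilotCsv {
    # Combines per-machine CSVs into one upload file, dropping repeated serials and any
    # extra columns so the header matches exactly what the portal expects.
    param([Parameter(Mandatory)][string[]]$Paths, [Parameter(Mandatory)][string]$OutFile)
    $all = foreach ($p in $Paths) { Import-Csv -Path $p }
    $all | Sort-Object 'Device Serial Number' -Unique |
        Select-Object -Property $ExpectedHeaders |
        Export-Csv -Path $OutFile -NoTypeInformation -Encoding ASCII
    $OutFile
}

# --- constructed demo: two good per-machine files plus one with a broken hash ---
$fakeHash = [Convert]::ToBase64String([byte[]](1..64))
$pc1 = Join-Path $env:TEMP 'hwid-pc1.csv'
$pc2 = Join-Path $env:TEMP 'hwid-pc2.csv'
$pc3 = Join-Path $env:TEMP 'hwid-pc3.csv'
@"
"Device Serial Number","Windows Product ID","Hardware Hash"
"SN-EXAMPLE-001","00000-00000-00000-AAOEM","$fakeHash"
"@ | Set-Content -Path $pc1 -Encoding ASCII
@"
"Device Serial Number","Windows Product ID","Hardware Hash"
"SN-EXAMPLE-002","00000-00000-00000-AAOEM","$fakeHash"
"@ | Set-Content -Path $pc2 -Encoding ASCII
@"
"Device Serial Number","Windows Product ID","Hardware Hash"
"SN-EXAMPLE-003","00000-00000-00000-AAOEM","not-base64!!"
"@ | Set-Content -Path $pc3 -Encoding ASCII

$results = $pc1, $pc2, $pc3 | ForEach-Object { Test-AutopilotCsv -Path $_ }
$results | Format-Table Path, Rows, Valid, @{ n = 'Problems'; e = { $_.Problems -join '; ' } }

# Only the files that passed go into the single import file.
$ready = $results | Where-Object Valid | ForEach-Object Path
if ($ready) { Merge-AutopilotCsv -Paths $ready -OutFile (Join-Path $env:TEMP 'autopilot-import.csv') }
```

Point the demo paths at the real C:\HWID\AutoPilotHWID.csv files collected from each machine, then import the merged autopilot-import.csv through the portal path above instead of uploading the per-machine files one at a time.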
feature image: Plane Vectors by Vecteezy