Great tutorial...thanks heaps!

I have to say, I was expecting Hybrid Join to be a lot harder than this video made it seem. I suppose you did a good job showing the pitfalls so I could avoid them.

Great video

Great! Don't give up :)

We learn most from our mistakes, Great video

@theCMC

2 жыл бұрын

So true! I definitely learnt a lot from making this video, and also from the community that watched it and told me where I went wrong! 😀

@rossnorris

11 ай бұрын

@@theCMC so? where did you go wrong? cause this video ends with the error message but not showing how you fixed it

Great video....very appreciated....sysadmin to sysadmin...I fully understand the frustration! Thanks for keeping it real! lol

@theCMC

Жыл бұрын

Glad it was helpful :-) Try again. Fail again. Fail better.

Thanks for the video. When testing for myself I would get stuck at a different stage. It would just not get past the device preparation, preparing your device for mobile management. Any ideas?

where is the next vedio

Hi can some kindly provide the steps to setup windows 10 Hybrid AD joined? I can't figure out the MS documentation. I have federated domains, on-premise AD syncing to Azure

Another great one. How does Intune knows if it should use Hybrid or AADJ? Do you specify this with a dynamic group? Because when creating the deployment profile and assigning this to a group the device picks up the profile. So i assume you would create a specific rule in the dynamic group?

@theCMC

Жыл бұрын

Thanks. This is determined by the AP profile that is targeted at the device. You can see which profile a device will use in the Autopilot devices list.

Should I rather go for Hybrid Azure AD Joined Autopilot or Hybrid Azure AD Joined GPO Enrollment ? How to choose ?

Hi! it helped us to configurate our Hybrid Autopilot. But we want to renamed our computer with NBK-%SERIAL%, it does not work with the hybrid Autopilot. I created a new profil, that could rename the computers but it did not work. Do you have any advice how could we rename our computers with Hybrid Autopilot to NBK-%Serial%? Thank you!

Thanks for the video but my machine cannot reach the domain

Autopilot Hybrid AD Joined has never worked for me, we use Global protect VPN all I want is to see my Machines are showing in AD as well as Azure, I have followed all the steps and have watched may you tubes but still not managed to achieve what i want , pleas could some one help. thanks

Did you ever do a follow up to this video?

@theCMC

2 жыл бұрын

Yep. Troubleshooting overview: kzread.info/dash/bejne/q6B4ldp8j9Ctes4.html And testing our removing the UserESP: kzread.info/dash/bejne/k6Z8prGTaMjMcaQ.html

should you do hybrid windows autopilot?

I followed this guide and successfully got the device registered as an Autopilot device in Intune. I also see the deployment profile is assigned to the device, however it is not showing up or getting created under the OU which I've delegated to the server hosting the connector. This OU is also part of the synced OU's in AAD. Any ideas on what could be missing or where I should start to check?

@user-vs6zv4gz8n

10 ай бұрын

I am having the same issue, have you figured it out?

Hi thanks for the video you have the second video or continue because I have the same error after you finish said something was wrong please I want to see how you fix thanks

@theCMC

2 жыл бұрын

Here you go :-) kzread.info/dash/bejne/k6Z8prGTaMjMcaQ.html

@dragonesmiguel

2 жыл бұрын

Thanks but now they said. We couldn't finish MDM enrollment. Error 0x80180014. Please can you help 🙏 thanks

Are there any benefits to using AutoPilot for hybrid rather than our current deployment tool? Or is it just a good preparation step in moving towards cloud-only devices?

@theCMC

Жыл бұрын

In my opinion, there are very few benefits to moving to Hybrid AP. It’s significantly less good than Cloud AP, and it’s much more complicated and cumbersome than most existing solutions for OS deployment of on-prem devices. It is not a good prep step for moving to Cloud Only, either. Just don’t do it.

@blirt1653

Жыл бұрын

@@theCMC Haha, thank you. I gathered by the end of the video it wasn't worth the hassle. Thank you and good day!

@theCMC

Жыл бұрын

Good luck with KCT! I need to do a video on that soon.

@theCMC

Жыл бұрын

Looking forward to it!

Hybride Join is not easy, can you tell me how would you do hybrid join wen one of your user in a another country works. 1.You must configure Root PKI and sub-root PKI Server. 2. U Must install certificate connector. 3. You must configure your Firewall VPN to login with Certificate and to create for every connection a certificate. 4. Create a Skript on INTUNE for Connect before login. Now I have configure that and I can say you that INTUNE is a big deal. To your error Problem check you Profile enrol.

when we deploy windows via autopilot- it still have some HP applications(using zbook firefly). How can i have a machine with no other applications

@theCMC

Жыл бұрын

You have 2 options here. 1) for existing devices yet to be built, rebuild the device with a clean image from MS 2) for existing devices that are managed, perform a Wipe or Fresh Start 3) for new devices that are yet to be ordered, ask HP for an Autopilot-ready machine

I got error when signing into device, did you made an troubleshooting video

@theCMC

Жыл бұрын

Fix Hybrid Autopilot - this did NOT go well kzread.info/dash/bejne/k6Z8prGTaMjMcaQ.html

Hello, I am configuring autopilot hybrid join. I finished setup everything. However, devices don't show up in on-prem active directory. Have you ever gotten the same issue? Devices show up in intune but not in active directory

@misterknoppygnome

6 ай бұрын

Same issue here! Some populated in AD just fine, and others in the same group with the same profiles assigned do not.

@-_Andreas_-

4 ай бұрын

@@misterknoppygnome did you check the events on the server that hosts the intune connector? some machines will work for me, say 20 installs or sometimes as few as 1, then next fails the offline domain join.. only thing that seems to help then is to add them again in autopilot. autopilot feels so random with what and when things work

One thing that has stopped me from using autopilot is the inability to name a device in the process. We label our workstations as LT(for laptop)-username so that we can easily identify them and connect to them for management. I didnt see a way to name the devices when doing onboard. Is this still the case? We used to use SCCM in a past life and we could do so when we imaged a new system, but dont see that in the Intune / auto pilot (specifically with hybrid ad join).

@theCMC

2 жыл бұрын

Correct, you can only add a prefix and a random number, or the serial number in the autopilot workflow. I’ve seen organisations use this approach, then rename the device with a script. Personally, I avoid using the device name as a descriptor for the device - I have that information in Intune anyway. Also, as an aside, using the username in the device name would allow an attacker to quickly learn the username that has cached credentials on that device.

@Shadowwolf975

2 жыл бұрын

Actually, i dont know if this has been updated, but you can indeed change the name of the device, as long as you know the service tag number, goto: microsoft endpoint manager > Devices > Enroll Devices under Windows Autopilot Deployment Program click Devices, select the computer service tag you want to name, and you can name the device from there, it will automatically set the name when you go through autopilot. and this may differ on hybrid, im uncertain, which is exactly why im here haha.

@theCMC

2 жыл бұрын

Thanks Bear. This has been true for a while but I didn't think to highlight it. Great advice, thanks. Oh, and that's why we're all here :D

@TheImpulseIT

Жыл бұрын

@@Shadowwolf975 Came to the comment section to found your solution, and when cheking, the tooltip pointed out that it doesn't work for hybrid ad deployments. 😞

Thats exactly the same error message I get when trying to setup Autopilot on my companies domain

@theCMC

3 жыл бұрын

Having edited the video, I can't see what I did wrong. Next up I'll be recording a video of the troubleshooting, so you can see how that goes!

@Phil3163

3 жыл бұрын

@@theCMC The problem here is that you need to disable the User part of the Enrollment Status Page (ESP). Because you're doing hybrid join, stupidly, Intune isn't actually aware of the device yet (Autopilot is, but not Intune/Endpoint Manager). The device is required to sync to Azure AD before it will be fully functional. Unless you're lucky enough to catch it just before it's automated sync (every 30 minutes or so), you're going to get an error. Disabling the user ESP fixes the error, but you won't get your compliance policy, config policies, software from Endpoint Manager...etc, until the device is synced through the Azure AD Sync, and the device checks in for it's policies.

@Queballification

2 жыл бұрын

@@Phil3163 Hiya! I am looking at my ESP and do not see a area where I can disable a user part of the page. Maybe I am over thinking it but if you can point me further down that road I would be greatful

@bettlejuice.

2 жыл бұрын

@@Queballification Devices>Enroll Devices>Enrollment Status Page

@shadizaidan7952

15 күн бұрын

i have also the issue but I don't know how to fix I call microsoft but also they didn't fix do you found a solution?

Hi can some kindly provide the steps to setup windows 10 Hybrid AD joined? I can't figure out the MS documentation. I have federated domains, on-premise AD syncing to Azure.