Hybrid Windows Autopilot - Step by Step - How hard can it be?
HTML-код
- Опубликовано: 3 авг 2024
- With Intune and Windows Autopilot, we can deploy computers that are joined to both the On-Prem Active Directory and Azure Active Directory.
There are very few real-world videos showing this process, so in this video, we go through all the required steps to get this up and running.
#hybrid #windows #autopilot
The Cloud Management Community is YOUR community for Cloud Management, Mobile Device Management and Microsoft Endpoint Manager. Join the discussion on Twitter (@the_cmcommunity) and subscribe to be notified when we go LIVE.
Dean Ellerby is a Microsoft Enterprise Mobility MVP, Microsoft Certified Trainer, Organiser at CloudManagement.Community, Contributor at Petri.com and a Senior Security Architect at Open Systems. He's on Twitter @dean_ellerby. Any views or opinions expressed here are his own.
0:00 Why did I make this video?
0:45 Step-by-step
1:35 Grab the hardware hash (the easy way!)
2:45 Download Intune Connector for AD
3:45 Install the Intune Connector for AD
4:35 Configure the connector
5:40 Delegate Domain Join permissions for the Intune Connector
7:58 Create a new Deployment Profile
9:50 Create the Domain Join Profile
11:57 Check on the AP device import status
14:14 What happens if I change the AP profile for an existing device?
15:35 First login!
16:51 Not going well...
18:21 I am defeated! 
Наука
![Jordan Adetunji - KEHLANI REMIX (feat. Kehlani) [Official Video]](http://i.ytimg.com/vi/EeJ8n5PxFGE/mqdefault.jpg)
Great tutorial...thanks heaps!
I have to say, I was expecting Hybrid Join to be a lot harder than this video made it seem. I suppose you did a good job showing the pitfalls so I could avoid them.
Great video....very appreciated....sysadmin to sysadmin...I fully understand the frustration! Thanks for keeping it real! lol
Glad it was helpful :-)
Try again. Fail again. Fail better.
Great! Don't give up :)
Great video
We learn most from our mistakes, Great video
So true! I definitely learnt a lot from making this video, and also from the community that watched it and told me where I went wrong! 😀
@@theCMC so? where did you go wrong? cause this video ends with the error message but not showing how you fixed it
Thanks for the video. When testing for myself I would get stuck at a different stage. It would just not get past the device preparation, preparing your device for mobile management. Any ideas?
Another great one. How does Intune knows if it should use Hybrid or AADJ? Do you specify this with a dynamic group? Because when creating the deployment profile and assigning this to a group the device picks up the profile. So i assume you would create a specific rule in the dynamic group?
Thanks. This is determined by the AP profile that is targeted at the device.
You can see which profile a device will use in the Autopilot devices list.
Hi can some kindly provide the steps to setup windows 10 Hybrid AD joined? I can't figure out the MS documentation. I have federated domains, on-premise AD syncing to Azure
Thanks for the video but my machine cannot reach the domain
Hi! it helped us to configurate our Hybrid Autopilot. But we want to renamed our computer with NBK-%SERIAL%, it does not work with the hybrid Autopilot. I created a new profil, that could rename the computers but it did not work.
Do you have any advice how could we rename our computers with Hybrid Autopilot to NBK-%Serial%?
Thank you!
Should I rather go for Hybrid Azure AD Joined Autopilot or Hybrid Azure AD Joined GPO Enrollment ? How to choose ?
Hi thanks for the video you have the second video or continue because I have the same error after you finish said something was wrong please I want to see how you fix thanks
Here you go :-)
ruclips.net/video/arHDOZ8efAA/видео.html
Thanks but now they said. We couldn't finish MDM enrollment. Error 0x80180014. Please can you help 🙏 thanks
I followed this guide and successfully got the device registered as an Autopilot device in Intune. I also see the deployment profile is assigned to the device, however it is not showing up or getting created under the OU which I've delegated to the server hosting the connector. This OU is also part of the synced OU's in AAD. Any ideas on what could be missing or where I should start to check?
I am having the same issue, have you figured it out?
Are there any benefits to using AutoPilot for hybrid rather than our current deployment tool? Or is it just a good preparation step in moving towards cloud-only devices?
In my opinion, there are very few benefits to moving to Hybrid AP. It’s significantly less good than Cloud AP, and it’s much more complicated and cumbersome than most existing solutions for OS deployment of on-prem devices.
It is not a good prep step for moving to Cloud Only, either. Just don’t do it.
@@theCMC Haha, thank you. I gathered by the end of the video it wasn't worth the hassle. Thank you and good day!
Good luck with KCT! I need to do a video on that soon.
Looking forward to it!
Did you ever do a follow up to this video?
Yep.
Troubleshooting overview:
ruclips.net/video/ylD3xC_mGJk/видео.html
And testing our removing the UserESP:
ruclips.net/video/arHDOZ8efAA/видео.html
Autopilot Hybrid AD Joined has never worked for me, we use Global protect VPN all I want is to see my Machines are showing in AD as well as Azure, I have followed all the steps and have watched may you tubes but still not managed to achieve what i want , pleas could some one help. thanks
Hybride Join is not easy, can you tell me how would you do hybrid join wen one of your user in a another country works.
1.You must configure Root PKI and sub-root PKI Server.
2. U Must install certificate connector.
3. You must configure your Firewall VPN to login with Certificate and to create for every connection a certificate.
4. Create a Skript on INTUNE for Connect before login.
Now I have configure that and I can say you that INTUNE is a big deal.
To your error Problem check you Profile enrol.
when we deploy windows via autopilot- it still have some HP applications(using zbook firefly). How can i have a machine with no other applications
You have 2 options here.
1) for existing devices yet to be built, rebuild the device with a clean image from MS
2) for existing devices that are managed, perform a Wipe or Fresh Start
3) for new devices that are yet to be ordered, ask HP for an Autopilot-ready machine
where is the next vedio
I got error when signing into device, did you made an troubleshooting video
Fix Hybrid Autopilot - this did NOT go well
ruclips.net/video/arHDOZ8efAA/видео.html
Hello,
I am configuring autopilot hybrid join. I finished setup everything. However, devices don't show up in on-prem active directory. Have you ever gotten the same issue?
Devices show up in intune but not in active directory
Same issue here! Some populated in AD just fine, and others in the same group with the same profiles assigned do not.
@@misterknoppygnome did you check the events on the server that hosts the intune connector?
some machines will work for me, say 20 installs or sometimes as few as 1, then next fails the offline domain join.. only thing that seems to help then is to add them again in autopilot.
autopilot feels so random with what and when things work
One thing that has stopped me from using autopilot is the inability to name a device in the process. We label our workstations as LT(for laptop)-username so that we can easily identify them and connect to them for management. I didnt see a way to name the devices when doing onboard. Is this still the case? We used to use SCCM in a past life and we could do so when we imaged a new system, but dont see that in the Intune / auto pilot (specifically with hybrid ad join).
Correct, you can only add a prefix and a random number, or the serial number in the autopilot workflow.
I’ve seen organisations use this approach, then rename the device with a script.
Personally, I avoid using the device name as a descriptor for the device - I have that information in Intune anyway.
Also, as an aside, using the username in the device name would allow an attacker to quickly learn the username that has cached credentials on that device.
Actually, i dont know if this has been updated, but you can indeed change the name of the device, as long as you know the service tag number, goto:
microsoft endpoint manager > Devices > Enroll Devices
under Windows Autopilot Deployment Program click Devices, select the computer service tag you want to name, and you can name the device from there, it will automatically set the name when you go through autopilot.
and this may differ on hybrid, im uncertain, which is exactly why im here haha.
Thanks Bear. This has been true for a while but I didn't think to highlight it. Great advice, thanks.
Oh, and that's why we're all here :D
@@Shadowwolf975 Came to the comment section to found your solution, and when cheking, the tooltip pointed out that it doesn't work for hybrid ad deployments. 😞
should you do hybrid windows autopilot?
Thats exactly the same error message I get when trying to setup Autopilot on my companies domain
Having edited the video, I can't see what I did wrong.
Next up I'll be recording a video of the troubleshooting, so you can see how that goes!
@@theCMC The problem here is that you need to disable the User part of the Enrollment Status Page (ESP). Because you're doing hybrid join, stupidly, Intune isn't actually aware of the device yet (Autopilot is, but not Intune/Endpoint Manager). The device is required to sync to Azure AD before it will be fully functional. Unless you're lucky enough to catch it just before it's automated sync (every 30 minutes or so), you're going to get an error. Disabling the user ESP fixes the error, but you won't get your compliance policy, config policies, software from Endpoint Manager...etc, until the device is synced through the Azure AD Sync, and the device checks in for it's policies.
@@Phil3163 Hiya! I am looking at my ESP and do not see a area where I can disable a user part of the page. Maybe I am over thinking it but if you can point me further down that road I would be greatful
@@Queballification Devices>Enroll Devices>Enrollment Status Page
i have also the issue but I don't know how to fix I call microsoft but also they didn't fix do you found a solution?
Hi can some kindly provide the steps to setup windows 10 Hybrid AD joined? I can't figure out the MS documentation. I have federated domains, on-premise AD syncing to Azure.