44. Auto-enroll Hybrid Azure AD Joined Devices to Intune Using Group Policy 

Bhai it was awesome video so much clear explanation i have seen thousand videos u r the best

thanks for all your efforts , you are a great instructor

Thanks you so much. It's very clear and helpful.

Well explained!

Thank you so much for this video, it was a great help. I thought it was funny how long it took to sync the device's owner and MDM, but from my experience this seems to be quite common. I typically have to wait a few minutes for the results to display on the Azure side, when a sync is forced through the Access Work or School functionality. It typically takes even longer if I wait for an automatic sync.

Nice job ...

This is a wonderful video, and I've learned a lot. Keep up the great work.

Great Video! keep creating more such videos!!! thank you!!!

I have learned a lot from you, thank you sir ❤❤

Thx for providing informative videos🙂

Informative as usual. thank you

Great video, pls do not stop doing such videos.

👍👍👍👍👍👍👍👍 thaaaank youuuuuuuuuu

Hi all, There are two options available to encrypt drives: Option 01. under Endpoint Security > Disk Encryption and Option 02. through device configuration profiles. The requirements include saving the key to Azure AD and AD, with the need for silent encryption without a user interface. My question is, Q1. for SILENT BITLOCKER ENCRYPTION, which method should we choose, Option 01 or Option 02? Q2. If we create a profile only under Endpoint Security > Disk Encryption, will the encryption work? Q3. Or do we need to define BitLocker configuration in Endpoint Security, and use the same settings in the profile under device configuration? Q4. And same group assignment for profile created in option 1 and option 2.?

hi buddy thanks for your video, a quick question when we auto-enroll all hybrid joint devices to intune does that import all the devices in AD or hybrid joint or only those devices that are logged on with valid/active users using them? As I have AD with a lot of old devices still in (I need to do some housekeeping), if it only enrolls the devices actively in use then that makes my life easy. thanks

When the upn suffix is changed and I login with the new upn suffix does it create a new profile and do I need to migrate user data?

We have 100 users with laptops and they all are On-Prem AD joined. We also have Azure which is syncing with On-Prem. What is the best way to deploy intune for these existing laptops without resetting or wiping any data?

Is this method work for SCCM CO-MANAGE TO INTUNE MANAGE TRANSFERRING?

I have a problem. My local domain is the same as the one displayed online. It seems like that it never gets enrolled to the MDM correctly, do you know why? What can I do?

Thanks for sharing this how to video. My question is our users' UPN onprem and in M365/Azure are the same and yet the MDM status is still says "None" even after following your procedure (minus adding the Trust part in AD). Any ideas, TIA.

Does the end user computer need to have the "Company Portal" installed on the device for it to register in Intune? Through all the docs I've seen for Hybrid AAD Join it hasn't been mentioned. But in discussion with some of my colleagues it seems like it might be

Hi, I have managed to enroll hybrid device, and add device to intune as well, adn the link you sent me on another video, i have managed to sync AAD user to AD as well, my only concer is, when we logged into device with that synched user, how can we confirm if that is local AD one or AAD one, coz its not showing that AAD logo on user when signed in. As the windows initial setup is different for both local AD and AAD user as AAD user comes up with windows hello setup via intune.

If I joined Intune using hybrid AD and MDM shows Intune, will it affect the PC connection to Intune when my physical server dies?

hello, thanks for the video. One thing I am missing in the MDM folder in GPO editor is Enable automatic MDM enrollment using deafult AZURE AD credentials. My DC is running on Win Server 2016. How can I fix this issue? Thanks again

Hi I'm not getting the option in GPO to enable automatic enrollment what should i do.

I have followed exact same steps, but I am missing INFO button under Windows Settings > Accounts. I confirmed machine is showing as Hybrid AD Join, and MDM Scope is enabled for this particular group of machines. Azure AD Connect is installed with proper credentials, and GPO is enabled for MDM. The machines are populating in Azure AD with Hybrid AD Join, but not showing in Intune.

Is there a document that summarizes this? It would be a 5 minute read instead of 20 minutes to watch this.

Hi, I don't have on premises window server environment but I only have Azure AD only. Then how can I implement GPO and print service to the devices link with Azure AD?