Setting up Autopilot to join Hybrid Domain - brian-anderson01/Capstone GitHub Wiki

  • The first step in getting the hybrid domain join setup is installing the Intune Connector on your DC by doing the following:
    • Log in to the Intune portal
    • Select Devices -> Windows -> Windows Enrollment -> Intune Connector for Active Directory -> Add -> Click on Download the on-premises Intune Connector for Active Directory.
    • Run the exe on your DC
    • Agree to the licensing and click install
    • Once the install finishes, click Configure Now
    • Next, click sign in and sign in as an Azure/Intune admin with an Intune license
    • Once signed in, you should see that the Intune connector has successfully enrolled
    • The DC should also show in the list in Intune on the page where you downloaded the exe
  • Now that the connector is installed, we need to delegate control to it so that Autopilot works correctly
    • Open Active Directory Users and Computers
    • Create a new OU, or use an existing one
    • Right click the OU and select Delegate Control
    • Click Next, then Add
    • Now, add your DC's computer object and click next
    • Choose Create a custom task to delegate and click next
    • Click the radio button for Only the following objects in the folder, then check Computer objects, Create selected objects and Delete selected objects, then click next
    • Under permissions click Full Control, then click next
    • Finally, click finish
  • Now we need to set up Autopilot in Intune
    • In the endpoint manager navigate to Devices -> Windows -> Windows Enrollment -> Deployment Profiles
    • Click Create profile at the top and choose Windows PC
    • Name the profile and Choose Yes for Convert all targeted devices to Autopilot
    • Set deployment mode as user-driven
    • Set join to Azure AD as Hybrid Azure AD Joined
    • If you're deploying devices off of the domain's network, set the Skip Domain Connectivity Check option to Yes
    • Click next
    • Assign the profile to your preferred groups and/or devices then click next
    • Finally, click create
  • Now we just need to make a configuration profile
    • Select Devices > Configuration profiles > Create Profile
    • Select Windows 10 and later for platform
    • For profile type select Templates -> Domain Join -> Create
    • Input a name and description, then click next
    • Input a computer name prefix and the full name of your Domain
    • For Organizational Unit input the OU in DN format that you delegated control to earlier
    • Click next
    • Assign the profile to your desired groups/devices and click next
    • Set applicability rules, or skip by clicking next
    • Finally, click Create
  • Finally, the Autopilot deployment can be tested. Install Windows on a VM or computer and get to the initial setup. After selecting language, keyboard layout etc., choose Set up for an organization, then sign in as an Intune-licensed user.
  • Once logged in, Autopilot should begin and you should see a screen similar to the one below:
  • Once Autopilot goes through all of the steps and reboots, your device is ready to go and should already have Intune profiles enforced on the system.
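The two steps most likely to be misconfigured are the OU delegation and the OU DN entered in the Domain Join profile. The following PowerShell is an added check (not part of the original wiki) that confirms the OU DN resolves and lists the ACEs the delegation wizard granted to the connector server's computer account, showing whether each one is scoped to Computer objects only. It assumes the RSAT ActiveDirectory module and its `AD:` drive; `$OuDn` and `$ConnectorServer` are placeholders for your own values.

```powershell
# Added example: verify the Autopilot OU and the Intune Connector delegation.
# Assumes the ActiveDirectory module (RSAT); values below are placeholders.
Import-Module ActiveDirectory

function Test-AutopilotOuDelegation {
    param(
        [Parameter(Mandatory)] [string]$OuDn,            # OU DN used in the Domain Join profile
        [Parameter(Mandatory)] [string]$ConnectorServer  # DC/server running the Intune Connector
    )

    # 1. The DN typed into the Domain Join profile must resolve to a real OU.
    $ou = Get-ADOrganizationalUnit -Identity $OuDn -ErrorAction Stop

    # 2. The delegation is granted to the connector host's computer account (DC01$).
    $computer = Get-ADComputer -Identity $ConnectorServer -ErrorAction Stop

    # schemaIDGUID of the Computer class; an ACE carrying this GUID applies only to computer objects.
    $schemaNc = (Get-ADRootDSE).schemaNamingContext
    $computerClassGuid = [Guid](Get-ADObject -SearchBase $schemaNc `
        -LDAPFilter "(lDAPDisplayName=computer)" -Properties schemaIDGUID).schemaIDGUID

    # 3. Read the OU's ACL and keep only ACEs for that computer account.
    $acl  = Get-Acl -Path "AD:\$($ou.DistinguishedName)"
    $aces = $acl.Access | Where-Object { $_.IdentityReference.Value -like "*\$($computer.SamAccountName)" }

    if (-not $aces) {
        Write-Warning "No ACE for $($computer.SamAccountName) on $OuDn - delegation is missing."
        return
    }

    # Report each ACE; ScopedToComputerObjects = $false means the grant is wider than the wizard intends.
    foreach ($ace in $aces) {
        [pscustomobject]@{
            Rights                  = $ace.ActiveDirectoryRights
            Type                    = $ace.AccessControlType
            Inheritance             = $ace.InheritanceType
            ScopedToComputerObjects = ($ace.ObjectType -eq $computerClassGuid) -or
                                      ($ace.InheritedObjectType -eq $computerClassGuid)
        }
    }
}

# Placeholder values: replace with the OU you delegated and your connector server.
Test-AutopilotOuDelegation -OuDn "OU=Autopilot,DC=example,DC=com" -ConnectorServer "DC01" | Format-Table
```

Expect one CreateChild/DeleteChild entry and one GenericAll entry, both with ScopedToComputerObjects true; an entry with it false, or no entries at all, means the wizard step should be repeated on the correct OU.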