This is so helpful as someone who is looking to migrate from AD to AAD.

Hey Andy love your work. Doing some intune work with hybrid devices and would love an updated version of this ;)

Hi Andy. Great videos by the way. just for clarity but you absolutely can manage machines that are Azure AD Hybrid joined using Intune. We do exactly this. You need to enable a group policy that enrolls the device in MDM first. The setting is under Computer\Windows Components\MDM 'Enable Automatic MDM Enrolment using default Azure AD credentials'. Our client machines are currently joined to our on premise AD but are co managed in Intune, the idea being that we slowly but surely shift management of the endpoints away from group policy and into Endpoint Manager over time. Eventually, we'll be in a position to have all our endpoints completely cloud native ☁️

You help me and my partner so much in getting our O365 to Intune. Part of our cmmc certification and securing our tenant.

Another cracking video Andy!

I'm a subscriber of your channel, and i will follow you all of the time. i do appreciate all of you videos . continue

Great informative video sir! Many thanks.

great learning videos, thanks for uploading them Andy

Hi Andy, What is the downside of joining my 90 odd PC's and Laptops to Hybrid Azure AD? I want to get rid of Sophos Intercept X (cost) and use Microsoft Defender/Endpoint instead (that we are already licensed for), and for that we need to go down the route of enrolling in Intune. The process seems easy enough to do (via our already running AAD Connect on a DC) but you seem (from what you said at the start) to not like Hybrid joining? I am in no real hurry or any real desire to give up my On-Prem environment with all my GPO's, fileshares, SQL based accounting package etc ;)

Hi Andy , this is great man ! keep it up. Thank you for this amazing video.

After azure joining what credentials did you sign back with? AD credentials or Entra ID credentials?

Hope to be a guru one day thanks to you.For now just a basic computer technician.Just discover you chanels few days ago and subscribe right away.Thanks

Hi Everyone, I just upgraded our users from Windows 11 Home to Windows 11 Pro. Some were able to join Join this device to Azure Active Directory but two of our users don't have the Join this device to Azure Active Directory option.

Hi Andy, Great Video. My tenant has a whole bunch of devices I have connected to the basic Azure AD, I want to move them to intune. What's the process to move them from Azure to Intune?

Today, I was testing a PC to join AAD (we usually do the Autopilot route), but I couldn't see the "Join this device to Microsoft Entra ID", just missing. I found a forum where somebody mentioned switching the workgroup from WORKGROUP to MSHOME, so I tried that. After the reboot, I was able to see the option. Do you know if this is documented somewhere?

I enjoy your videos, I have one question: do you have to use answer files with deploying software apps in Intune?

quetions: 1. can I use intune to depoly app to the Hybrid Azure AD Joined Devices? 2. other than using GP, can I set configuation profiles in tune and deploy to the Hybrid Azure AD Joined Devices?

Many Thanks for your work and affords. I've red that Hybrid Azure AD joined devices require network line of sight to your on-premises domain controllers periodically. If I've added device to on-prem AD and logged in under domain user, then that device has been given to the user who won't have that periodic connectivity. Does it mean the after some time that user won't be able to login under domain account?

He'llo Andy Give me answer please I have very basic requirement that normal users cannot install any software without admin privileges. Please guide me. As some policy I used but it restrict only from installing app from windows app store only but over all so when they need I can use admin privileges to install any software or application in windows intune devices

Great Andy! Thanks

Hi Andy, does each user who logs into a device managed by Intune, needs to have an Intune license or just the admin has to have it? Thank you

Hi Andy, why is the Azure user JoniS an administrator after the device has been registered with the name? It's the same for me, but that can't quite fit if JoniS is not an administrator at all. I couldn't register the device with a local account, so not admin. The selection for this was not displayed.

Thank you for information Andy, it is very clear and easy to understand. Could you please explain the difference between accessing corporate data on a personal laptop if using the Microsoft Company Portal app compared to the option within 'Settings' > Account > 'Add a Work or School account'?

The Video is indeed for me...Thank you so much for your efforts. one question from my end. How will we join AD installed in Server 2012 users and computers to AAD. are the existing Group Policies will Apply post sync to AAD? OR do we need to add different roles to Computers /Devices in AAD For Managing them.?

Hi Andy great video. I have 40 laptops not in On-premise AD and 40 in On-premise AD. We like to use intune for mangement. How do we go from here? AD server is Windows 2022. All run win 10 and 11 (with Office 365 business premium) Im thinking of letting all laptops join Azure AD and connect the AD server to Azure. That will give a mix of computer only in Azure AD and some in On-premiere AD, connected to Azure. Will that work? Or do we need to let all devices join on-premise AD before connevting the server to Azure

I'd like to thank you for this Great efforts it's very helpful

Awesome Video

Thank you for that info, what is the difference between account protection Intune vs Device administrators?

Why can I not use Group accounts to assign to "Device Administrator, Assignments"? It only shows users.

This video was meant for me no doubt about it. Our organization recently implemented a Teams VoIP telephony with yealink desk phones. The issue we are experiencing is some devices are not completing the sign up process on Company portal for intune and these are all Android OS devices. Is possible Andy to do a video on enrollment of Teams Android based desktop phones which will include MDM & Conditional access of these devices

Hi Andy, is it possible to add a device to Intune after they are already registered with Azure AD? I have enabled MDM for some users, added a security group, and included the usesr in the security group. However, when the user logs on, their Azure AD device doesn't enrol in Intune, all users have Office 365 premium licenses

how to join the device as standard user type using the Azure active directory method.

So outside conditional access theirs no real point to have Azure AD devices being hybrid enrolled?

Thank you for the video Andy, is there any way to unjoint on-premises devices and join them to Azure AD without having users create a new profile?

Hi Andy, as always a fantastic insight. However, i have a question that no one putting up videos of Azure AD joining seems to cover. When you login to a device as the admin and join a standard user to AAD, it seems to then turn them into an administrator (presumably of the device they are logged in to). This can't be a good practice, surely. So how do you join them as standard users?

The Best!!!

Hi Andy, what about Azure registered devices? It's registered the same way as Azure joined. I can't really see the difference. Thank you for your informative videos!

say you have a small office of around 25 works (to be 30 next year) and they work in 3-shift and only 10 laptops that are shared at each shift. - can we prevent user from joining device to Azure AD or Intune ? - can an admin join them to azure ad + Intune, and allowed the staff to sign-in to any of the device using their azure account and allows their settings to follow them ? - I don't want an ADDS Server, just Cloud only system { Microsoft 365 Apps }

When joining AzureAD, what happens to the computer local User accounts- are they still there?

How to Microsoft Entra join existing windows server vm ??

@8:40 😍😍✔✔

Cool 😊

6:00 The Azure Directory option has been removed. When I log into my work account that account is added to my personal Microsoft account. I cannot then log in or out the two accounts as I used on Win 10. I see one log in with 2 accounts. This is NUTS ! EDIT - I am using Win 11 Home, I presume I need to install Win 11 Pro to get Azure?

How can you do this without knowing Joni's or Aaron's passwords?

Hi - I have a question, maybe someone has an answer - I tried to connect my laptop to customers Azure network and got message on the screen that my laptop is registered with another Azure domain and welcomed me to connect to that Azure domain - any ideas what it is - some kind of protection? Thanks a lot!

how do you enable Intune Auth?

Hiiii sir, this is anandhakumar from India Chennai I learning windows server how to I get job in abroad any app is there in playstore

thanks lot

10:14 I wish you showed how this was actually done!

It doesn't make sense having usernames like that