Automatic enrollment for Hybrid Azure AD Joined Devices
Missing the ability to automatically enroll Windows 10 devices that are hybrid Azure AD Joined, for agentless management. This would favour the use of agentless management for domain joined devices.
Going to add to this that requiring TPM 2.0 or requiring user input is uniquely limiting for enrollment of existing devices into Intune vs any other endpoint management / MDM for Windows.
Not sure why it is necessary when a domain and Azure AD trust are already in place. It makes it a huge pain to enroll shared meeting room devices and kiosks that auto login and do not have any Azure AD logins being used on them.
Ryan Morash commented
This was added in Windows 10 1709 (Fall Creators Update): https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy
Also really missing this feature. Customers moving to Azure AD and the new "modern management" now have 2 bad choices
1) Add another on-prem system to manage devices. But they are transitioning to all cloud. They want to get rid of it.
2) They have to manually enroll, which is causing extra work. So they might decide to postpone the transition to the AAD
Why is this not implemented? Other things, like the Windows E3/E5 upgrade, are triggered correctly when the first user logs in to the device. All the MDM URLs are provisioned correctly (dsregcmd shows it). So it shouldn't be too hard?
This really is a big issue for us at the moment. Many companies already have a domain on-prem and there should be a way to automatically add these devices to Intune. Hybrid Azure AD join is good (I can see the device in Azure) but this is quite pointless if it doesn't auto-enrol the same as Azure AD joined devices. If this isn't possible, is there a script or anything that can be pushed via GPO to enrol users/devices into Intune?
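The two practical questions in this thread are "does the device actually have what Group Policy auto-enrollment needs?" (the 1709 feature linked above) and "can something be pushed via GPO to check or trigger it?". The following PowerShell script is an added example written for this page; it is not from Microsoft, the thread's posters, or the linked documentation. It audits the prerequisites on one hybrid Azure AD joined device by parsing `dsregcmd /status` (already mentioned in the thread), reads the `AutoEnrollMDM` policy value that the auto-enrollment GPO sets, looks for an existing Intune ("MS DM Server") enrollment record, and only with an explicit switch runs the same `deviceenroller.exe /c /AutoEnrollMDM` command the policy's scheduled task uses. The registry paths, value names and the enroller switch are taken from the documented auto-enrollment mechanism; the meaning of individual `EnrollmentState` numbers is not interpreted here and the script only reports them.

```powershell
<#
  Added example (not code from the thread or from Microsoft).
  Audits a Windows 10 device for GPO-based automatic MDM enrollment
  prerequisites; optionally triggers the documented enroller.
  Assumes: run elevated on the device; the policy key, value names and
  deviceenroller.exe switch are the documented ones for auto-enrollment.
#>
param(
    [switch]$TriggerEnrollment   # do nothing unless all checks pass
)

# Parse "Name : Value" lines of dsregcmd /status into a hashtable.
function Get-DsregStatus {
    $status = @{}
    foreach ($line in (& dsregcmd /status)) {
        if ($line -match '^\s*(\S+)\s*:\s*(.*?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

$ds     = Get-DsregStatus
$checks = [ordered]@{}

# 1. Hybrid join = domain joined AND Azure AD joined.
$checks['DomainJoined']  = ($ds['DomainJoined']  -eq 'YES')
$checks['AzureAdJoined'] = ($ds['AzureAdJoined'] -eq 'YES')

# 2. The tenant must publish an MDM enrollment URL ("dsregcmd shows it").
$checks['MdmUrlProvisioned'] = -not [string]::IsNullOrWhiteSpace($ds['MdmUrl'])

# 3. The GPO "Enable automatic MDM enrollment using default Azure AD
#    credentials" writes AutoEnrollMDM = 1 under this policy key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$checks['AutoEnrollPolicySet'] = ($policy.AutoEnrollMDM -eq 1)

# 4. Is there already an Intune (MS DM Server) enrollment record?
#    EnrollmentState is reported, not interpreted (assumption-free).
$enrollment = $null
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
  ForEach-Object {
    $e = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
    if ($e.ProviderID -eq 'MS DM Server') { $enrollment = $e }
  }
$checks['EnrollmentRecordExists'] = ($null -ne $enrollment)
$checks['EnrollmentState'] = if ($enrollment) { $enrollment.EnrollmentState } else { 'n/a' }

# Print the audit table.
$checks.GetEnumerator() | ForEach-Object { '{0,-24} {1}' -f $_.Key, $_.Value }

if ($TriggerEnrollment) {
    $ready = $checks['DomainJoined'] -and $checks['AzureAdJoined'] -and
             $checks['MdmUrlProvisioned'] -and $checks['AutoEnrollPolicySet'] -and
             -not $checks['EnrollmentRecordExists']
    if ($ready) {
        # Same command the auto-enrollment policy's scheduled task runs.
        & "$env:windir\system32\deviceenroller.exe" /c /AutoEnrollMDM
        "deviceenroller.exe exit code: $LASTEXITCODE"
    } else {
        'Prerequisites not met, or an enrollment record already exists; not triggering.'
    }
}
```

Run it without parameters first (for example as a GPO computer startup script that logs its output) to see which prerequisite is missing on the devices that never enrolled; the usual findings are `AzureAdJoined : NO` (hybrid join not yet completed, so nothing is there to enroll) or `AutoEnrollPolicySet : False` (the policy never reached the machine). Only add `-TriggerEnrollment` once the audit passes, since enrollment is a one-time operation per device and kicking it off on a machine that is already enrolled or not yet hybrid joined just produces failed-enrollment events.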