Return of key functionality for Windows Autopilot sign-in and deployment experience

More details on the below magic : 

"Autopilot will automatically attempt to reregister the new hash and deregister the old."

I am sorry to say, but I think that this is not working. I have tried and the result is a relatively long list of devices with 'Attention required'. This is a problem as the only way to solve that is to remove and reassign the device.  I had to inform my users that unfortunately, we need to ignore this and manually reassign all devices which have got a new motherboard.  My thoughts about Autopilot is that I will not use it in the future and I will not recommend it. I am sorry to say, but I don’t think this is a technology that can be used in middle - big enterprise. Too much administration. I have never had so much need to open cases at Microsoft support and it is a pain to run those cases - usually about refurbished motherboards which cannot be assigned as they are still registered in another tenant. Usually, a long procedure for each device, a lot of mails and telephone calls from India… Takes about 7 - 10 days appr. Pr. Device to resolve. My point autopilot as it is - is a good idea but the tool and the procedures connected to it are not suitable for enterprise. sorry.

LenkaP - This is what we have been doing for our Lenovo X1 Yoga (Gen 6) devices as well. Any attempt to get the device to recognize and show up in the Windows AutoPilot Device list as Attention Required has failed for us, we just keep getting the same error. Without anything to trigger that state, we just delete the records and re-populate.

The downside to that is now under the AutoPilot Device list, the devices that have been nuked that way show up as no Order Number in the Purchase Order column, and it's a lot more steps than this article had led us to believe. 

Intune_Support_Team - Is there anything else we should be doing to get this to work?

After many attempts how to solve the motherboard replacement in the most efficient way for us (IT, little bit ignoring user perspective now), we decided to go just always with Removing Records from Intune and Azure, installing fresh Windows and then joining the device back to our Intune. This is the only way, how we are 100 % sure device is connected, with our profile and not miss anything in the future.

All of the MB replacement scenarios mention reimaging of the device which might not be acceptable for many users who got their MB replaced and they have a lot of customizations on their device. What is the recommended way of handling such scenario - user has Autopilot device, Dell device got its MB replaced, and now we're facing TPM errors on the device, Teams is not working etc. which are preventing the user from working but we want to keep the device state without reinstalling?

Device in the Autopilot list is reporting as "Attention Required" which says "A hardware change was detected on this device. It won't automatically receive an Autopilot profile when it's reset unless you register the device again".

I used the command "dsregcmd /forcerecovery" which seemed to reissued the AAD and Intune certificates which fixed the TPM errors, registered the device in Autopilot again using Get-WindowsAutoPilotInfo, however, there are two Autopilot objects for the same device now, there are still some issues and I'm not sure how to proceed in such cases in general.

Is there any recommendation which process to use without reimaging the device?

PJM02860 

Nah… we are at a point where a new business class PC should be expected to have a clean and up to date copy of Windows Pro, their drivers should install and update through Windows Update and software should be available in the Store.

To make it easier to find vendors and products that have made the transition to modern management practices, I have started a community maintained spreadsheet, "Modern Windows Management Database".

https://1drv.ms/x/s!AgG_boPR-xfWjN9i2Z_y_8ErM6t--A

Please help by contributing your findings to it. Like, which PC models you have had to inject RAID drivers for.

This may be old information but for Resets, updating the winre.wim file with required storage/network drivers based on the hardware you are using, is required.  Having to swtich from RAID to AHCI usually means the storage driver is missing. 

Ztdid now i got it. Please use a fresh Win10 21h2, 22h2, Win11 22h2, including October 2022 CU! 

Ztdid , "Its time consuming to delete records and manually wipe them."

Perform the Wipe first. Intune automatically deletes the object after the device reports the wipe has started.

Maybe I missing some tech background, but could you confirm me, that if we run pre-provision environment and motherboard will be replaced what are the next steps to be able to get he machine to work?

Because it was my understanding I will simply sign to Windows and Intune should repair the hash. We don't need to delete any records etc???

Could anyone please confirm this, because this is the workaround I used. Motherboard was replaced, I signed to Windows, then there was message that our Device is having problem with work or school account, where I could click sign in, which triggered joining this device to AD Azure. I could NOT see any meesage on Endpoint with Profile status (it was signed from the first moment, when device joined Azure AD), but I can see 2 devices with exactly same name on Endpoint - just the old device keep icon for Windows autopilot device, which makes me nervous.
Intune_Support_Team