Windows Office Hours: August 15, 2024
Thursday, Aug 15, 2024, 08:00 AM PDT
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date ef...
Heather_Poulsen
Updated Nov 19, 2024
RyanSpoonerJCB
Aug 15, 2024, Iron Contributor
Is any work planned, or underway, to make Intune and Entra ID enrolments on Windows PCs in an AD/EID hybrid environment a bit more robust?
We're regularly coming across machines, sometimes several per week, that just stop correctly checking in with EID and Intune, causing updates to stop, etc. We're currently having to use commands such as dsregcmd /leave to force the client to remove itself from Entra ID, then manually delete the Intune device and any remnant device entries on Entra ID, then wait up to 30 minutes for the next AD to EID sync to repopulate the device, then reboot the PC to have it re-register on EID, before then running dsregcmd /join and dsregcmd /updateDevice to get everything back on track again, after which updates from WUfB resume once more.
It's a pain.
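The repair loop described in the post above, scripted as an added example (this is not code from the thread, from Ryan, or from Microsoft). It checks dsregcmd /status for the fields a healthy hybrid-joined device should show, pulls recent errors and warnings from the User Device Registration admin log (the event-log review the Microsoft replies suggest), and splits the leave/rejoin into two explicit phases so the destructive step is never run by accident. Function names are mine; the dsregcmd switches, the event log name and the Automatic-Device-Join scheduled task are the built-in Windows ones. One substitution, and a caveat the post does not mention: the rejoin is triggered through that scheduled task, which runs as SYSTEM, rather than a manual dsregcmd /join from a user session.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread: triage and staged repair of a
# hybrid-joined Windows PC whose Entra ID / Intune registration has gone stale.
# Wraps the dsregcmd steps described in the post above. The join is triggered
# through the built-in Automatic-Device-Join scheduled task (SYSTEM context)
# instead of a manual 'dsregcmd /join'; that substitution is mine.

function Get-DsregStatus {
    # Parse 'dsregcmd /status' into a hashtable: field name -> value.
    $status = @{}
    & dsregcmd.exe /status 2>&1 | ForEach-Object {
        # Lines look like '    AzureAdJoined : YES'; split on the first colon only,
        # so URL values keep their own colons.
        if ($_ -match '^\s*([^:]+?)\s*:\s*(.*)$') {
            $status[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $status
}

function Test-HybridJoinHealth {
    # Returns a list of findings; an empty result means the device looks healthy.
    param([hashtable]$Status = (Get-DsregStatus))
    $expected = [ordered]@{ DomainJoined = 'YES'; AzureAdJoined = 'YES'; AzureAdPrt = 'YES' }
    $findings = @(foreach ($field in $expected.Keys) {
        if ($Status[$field] -ne $expected[$field]) {
            "{0} is '{1}' (expected {2})" -f $field, $Status[$field], $expected[$field]
        }
    })
    # AzureAdPrt is per-user: run this as the signed-in user, not as SYSTEM, or it reads NO.
    if (-not $Status['DeviceId']) {
        $findings += 'No DeviceId: the device holds no Entra ID registration'
    }
    return $findings
}

function Get-DeviceRegistrationEvents {
    # Errors (level 2) and warnings (level 3) from the device-registration component.
    param([int]$Hours = 24)
    $summary = @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-User Device Registration/Admin'
        Level     = 2, 3
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, $summary
}

function Repair-HybridJoin {
    # Phase 'Leave' runs the destructive step. The cloud-side cleanup, sync wait and
    # reboot from the post stay manual; phase 'Rejoin' then re-registers and refreshes.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory)][ValidateSet('Leave', 'Rejoin')][string]$Phase)

    if ($Phase -eq 'Leave' -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'dsregcmd /leave')) {
        & dsregcmd.exe /leave
        Write-Warning 'Now delete the stale Intune and Entra ID device objects, wait for the next Entra Connect sync, reboot, then run -Phase Rejoin.'
    }
    if ($Phase -eq 'Rejoin' -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Automatic-Device-Join task + dsregcmd /updateDevice')) {
        # The built-in task performs the hybrid join under SYSTEM; a manual /join from a user session may not.
        Start-ScheduledTask -TaskPath '\Microsoft\Windows\Workplace Join\' -TaskName 'Automatic-Device-Join'
        Start-Sleep -Seconds 60   # give the join task time to finish before re-checking
        & dsregcmd.exe /updateDevice
        Test-HybridJoinHealth
    }
}

# Triage first; run the repair only after the event log has been reviewed.
$findings = Test-HybridJoinHealth
if ($findings) {
    $findings
    Get-DeviceRegistrationEvents | Format-Table -AutoSize
} else {
    'Hybrid join looks healthy; no repair needed.'
}
# Repair-HybridJoin -Phase Leave -WhatIf    # preview, then drop -WhatIf to run
```

Run the triage portion from the affected user's session so the PRT check is meaningful, and keep the event IDs from Get-DeviceRegistrationEvents: they are what a support case or the Entra troubleshooter will ask for, and they are the evidence that distinguishes a root cause (certificate, SCP, sync or network) from the symptom the leave/rejoin cycle papers over.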
- Jason_Sandys, Aug 15, 2024
Microsoft
Hi Ryan, sorry to hear this is happening and seemingly pervasive in your environment. Note that this is not in any way expected though and should not be a common occurrence (if ever) and thus should be troubleshot to determine the root cause, as there's some additional factor or influence leading to this scenario that is, as noted, not normal or expected. I strongly suggest that you open a support case to help troubleshoot this issue. You can start this process on your own as well by reviewing the event logs. The troubleshooter described at https://learn.microsoft.com/en-us/entra/identity/devices/troubleshoot-device-windows-joined may help as well.
- Joe_Lurie, Aug 15, 2024
Microsoft
RyanSpoonerJCB Seeing as hybrid join is a step along the way to cloud native (Entra joined, Intune managed), and cloud-native is where we are directing all of our customers, we aren't really putting any more effort into the hybrid join experience. Of course, we're doing bug fixes and the like, but no new features are planned at this time.
That said, the scenario that you explain is not what we'd expect to happen. I suggest talking to your account team if you have one, or opening a support ticket to find out why this is happening.
--Joe.
- Ronan_Fahy, Aug 19, 2024, Brass Contributor
If I was a little startup starting up today, I'd go cloud native. But Microsoft seem to be forgetting the large established organisations with heavy investments in, and perfectly functioning and performant, on-prem environments. "Directing" all your customers to go cloud native is not only not serving your customers, it's naïve as well.
- Jason_Sandys, Aug 19, 2024
Microsoft
Hi Azure Admin Ronan Fahy, we fully appreciate this perspective and feedback; however, we do in fact have a large percentage of customers of all sizes (from 100s of devices up to hundreds of thousands of devices) actively moving, or that have moved already, to cloud native. We also fully appreciate the effort potentially involved for orgs to accomplish this. Based on our work with many of the customers that are moving or have moved, the long-term gains are real, particularly when you consider the ever-changing threat landscape and the simple costs of maintaining large on-prem infrastructures. Here are some food-for-thought blogs that encompass our guidance:
https://www.microsoft.com/en-us/microsoft-365/blog/2023/12/05/3-reasons-why-now-is-the-time-to-go-cloud-native-for-device-management/
https://www.microsoft.com/en-us/microsoft-365/blog/2024/01/29/best-practices-in-moving-to-cloud-native-endpoint-management/
https://www.microsoft.com/en-us/microsoft-365/blog/2024/06/12/how-to-achieve-cloud-native-endpoint-management-with-microsoft-intune/