Reassigning a device to another user
What is the recommended process for reassigning a device to a new user in an environment where all devices are enrolled in Autopilot, Intune Defender, and Entra ID, and users have M365 E5 licenses? Currently, to maintain compliance while the device is awaiting reassignment, I have been deleting it from the Intune and Defender portals, but not from Autopilot. However, since the device remains in Autopilot, it cannot be deleted from Entra ID and continues to display the old name and user assignment, even after being renamed in Autopilot. Is there a better approach to this situation?
Join Devices using a provisioning package (.ppkg) in Azure AD - how does it work in detail?
For a project, we are checking whether there is a way to join the devices into AAD using a provisioning package. When creating a project with the Windows Configuration Designer under "Account Management" is the task for "Enroll in Azure AD" and "Get Bulk Token". Here are my questions about it: Which account do I normally used to register the token? Which rights and licenses must the account have? An enterprise app is being created, but I still must do something with the permissions? Something else needs to be done with the user that is created in AAD (package_)? Are there hurdles in sight regarding conditional access? I ask myself the questions because I tried it and failed with the following message (from the event log of the client which I wanted to integrate into AAD) Client: Windows 10 Pro 21H2, Windows 10 Enterprise 1909 (same Error) ProvXML category 'DeviceAADJoin' failed with '0x80180014' at CSP node 'AADJ/BPRT'. Provisioning failed