Silently enroll a Windows device to Microsoft Intune if already joined to Azure AD and already has an AAD user account.
Helps automatically enroll existing Windows devices (Hybrid Azure AD joined or Azure AD joined) into Intune. It verifies that the device is Azure AD joined, that the signed-in user has an Azure AD account from the same tenant, and that no Intune enrollment already exists on the device. If all checks pass, it configures the MDM URLs and executes device enrollment.
Logic based on Rudy Ooms (@Mister_MDM) blog: https://call4cloud.nl/2020/05/intune-auto-mdm-enrollment-for-devices-already-azure-ad-joined/ .
- Validate admin privilege.
- Confirm device is Azure AD joined.
- Confirm the user account belongs to the same tenant as the device.
- Execute enrollment as SYSTEM.
Function to execute as SYSTEM from Ondrej Sebela (@AndrewZtrhgf).
- Blog: https://doitpsway.com/fixing-hybrid-azure-ad-join-on-a-device-using-powershell .
- Source: https://github.com/ztrhgf/useful_powershell_functions/blob/master/INTUNE/Reset-HybridADJoin.ps1.
Other source: https://nerdymishka.com/articles/azure-ad-domain-join-registry-keys/
More sources mentioned in code.
- At the end, verify that the device correctly received the Intune device certificate.
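The steps above, written out as an added PowerShell example (this is not the script described here, nor code from the blogs it credits). Registry paths, value names (TenantId, UserEmail, ProviderID), the MDM URLs, the deviceenroller.exe arguments and the "Microsoft Intune MDM Device CA" issuer name are taken from the call4cloud post and common documentation; treat them as assumptions to confirm on your own build. The user-tenant check parses dsregcmd /status and therefore has to run in the signed-in user's session, before the SYSTEM step.

```powershell
#Requires -RunAsAdministrator
# Added example: silent Intune enrollment checks for an already Azure AD joined device.
# All registry locations and value names below are assumptions from public write-ups.

$JoinInfoPath    = 'HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo'
$TenantInfoPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\TenantInfo'
$EnrollmentsPath = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
$IntuneIssuer    = 'Microsoft Intune MDM Device CA'

function Test-IsAdmin {
    # Step 1: the script writes HKLM and registers a task, so it must be elevated.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-AadJoinInfo {
    # Step 2: JoinInfo holds one subkey (named by the join cert thumbprint) when
    # the device is Azure AD joined; TenantId and UserEmail are read from it.
    $key = Get-ChildItem -Path $JoinInfoPath -ErrorAction SilentlyContinue | Select-Object -First 1
    if (-not $key) { return $null }
    $p = Get-ItemProperty -Path $key.PSPath
    [pscustomobject]@{ TenantId = $p.TenantId; JoinUser = $p.UserEmail }
}

function Test-UserInDeviceTenant {
    param([Parameter(Mandatory)][string]$TenantId)
    # Step 3 (assumption): in the user's session dsregcmd reports the device
    # TenantId and 'AzureAdPrt : YES' when the user holds a token for it.
    $status = dsregcmd /status
    $prt = [bool]($status | Select-String -Pattern 'AzureAdPrt\s*:\s*YES')
    $m = $status | Select-String -Pattern 'TenantId\s*:\s*([0-9a-fA-F-]{36})' | Select-Object -First 1
    if (-not $m) { return $false }
    return ($prt -and ($m.Matches[0].Groups[1].Value -eq $TenantId))
}

function Test-IntuneEnrolled {
    # An Enrollments subkey whose ProviderID is 'MS DM Server' is an existing Intune MDM enrollment.
    foreach ($k in (Get-ChildItem -Path $EnrollmentsPath -ErrorAction SilentlyContinue)) {
        $p = Get-ItemProperty -Path $k.PSPath -ErrorAction SilentlyContinue
        if ($p.ProviderID -eq 'MS DM Server') { return $true }
    }
    return $false
}

function Set-MdmEnrollmentUrls {
    param([Parameter(Mandatory)][string]$TenantId)
    # Write the three MDM discovery URLs under TenantInfo\<TenantId>, as in the call4cloud post.
    $path = Join-Path $TenantInfoPath $TenantId
    if (-not (Test-Path $path)) { throw "No TenantInfo key for tenant $TenantId" }
    $urls = @{
        MdmEnrollmentUrl = 'https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc'
        MdmTermsOfUseUrl = 'https://portal.manage.microsoft.com/TermsofUse.aspx'
        MdmComplianceUrl = 'https://portal.manage.microsoft.com/?portalAction=Compliance'
    }
    foreach ($name in $urls.Keys) {
        New-ItemProperty -LiteralPath $path -Name $name -Value $urls[$name] -PropertyType String -Force | Out-Null
    }
}

function Start-MdmAutoEnrollAsSystem {
    # Step 4: deviceenroller.exe needs the SYSTEM context; a one-shot scheduled task provides it.
    $action    = New-ScheduledTaskAction -Execute "$env:windir\system32\deviceenroller.exe" -Argument '/c /AutoEnrollMDM'
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName 'IntuneAutoEnroll' -Action $action -Principal $principal -Force | Out-Null
    Start-ScheduledTask -TaskName 'IntuneAutoEnroll'
}

function Test-IntuneCertificate {
    param([int]$TimeoutSeconds = 300)
    # Step 5: enrollment is complete once the device cert issued by the Intune CA is in LocalMachine\My.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        if (Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Issuer -like "*$IntuneIssuer*" }) { return $true }
        Start-Sleep -Seconds 10
    } while ((Get-Date) -lt $deadline)
    return $false
}

# Main flow: every precondition must hold before anything is changed.
if (-not (Test-IsAdmin)) { throw 'Run this script elevated.' }
$join = Get-AadJoinInfo
if (-not $join) { throw 'Device is not Azure AD joined.' }
if (-not (Test-UserInDeviceTenant -TenantId $join.TenantId)) { throw 'Signed-in user is not from the device tenant.' }
if (Test-IntuneEnrolled) { Write-Host 'Device already has an Intune enrollment; nothing to do.'; return }
Set-MdmEnrollmentUrls -TenantId $join.TenantId
Start-MdmAutoEnrollAsSystem
if (Test-IntuneCertificate) {
    Write-Host 'Intune device certificate present: enrollment succeeded.'
} else {
    Write-Warning 'No Intune certificate after timeout; check the DeviceManagement-Enterprise-Diagnostics-Provider/Admin event log.'
}
```

The enrolled-check and the certificate check are the two points worth keeping even if you drop the rest: re-running deviceenroller against an already enrolled device, or declaring success before the Intune CA certificate appears, are the common ways this kind of script reports a false result.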