Pauses device ESP for up to 60 minutes for machine to register with AzureAD. Add the WaitForUserDeviceRegistration.intunewin app to Intune and specify the following command line:
powershell.exe -noprofile -executionpolicy bypass -file .\WaitForUserDeviceRegistration.ps1
To "uninstall" the app, the following can be used (for example, to get the app to re-install):
cmd.exe /c del %ProgramData%\DeviceRegistration\WaitForUserDeviceRegistration.ps1.tag
Specify the platforms and minimum OS version that you want to support.
For a detection rule, specify the path and file and "File or folder exists" detection method:
%ProgramData%\DeviceRegistration\WaitForUserDeviceRegistration WaitForUserDeviceRegistration.ps1.tag
Deploy the app as a required app to an appropriate set of devices.
As stated in the script comments:
Triggers an Entra Connect (AAD Connect) "Single Object Sync" so that computers do not have to wait for the default Entra Connect synchronization interval.. i.e..DESCRIPTION As discussed in, Microsoft doesn't want customers running Entra Connect Sync more frequently than their AllowedSyncCycleInterval, which is currently 30 minutes. However, this results in a significant delay in the AutoPilot/OOBE experience for Hybrid Azure AD Joined workstations. This script looks for computers in a given OU ($BaseOu) with a certificate generated more recently than the last Entra sync cycle, as the certificate's date is representative of workstations Entra join attempt. Run this script every 5 minutes, as a scheduled task from the Microsoft Entra Connect (AAD Connect) server.
The original version is also available, if you do not wish to use the per-device sync.