Autopilot AAD Registers device instead of AAD Join

 

Certain devices would consistently fail to AAD/Entra Join during Autopilot.  The devices would show as AAD/Entra Registered instead of AAD/Entra Joined in the Intune device list. Autopilot would complete and the build would appear to be normal but the failure to AAD/Entra Join resulted in unexpected states.    For example Windows 11 would update itself to a release level 24H2 which was not sanctioned by the Intune MDM for the current platform.

The solution was to delete the Autopilot device from the Enrolled devices list and then upload a fresh hardware hash. 

IntuneWinAppUtil

 

Use IntuneWinAppUtil to prepare packages for upload to Intune.

Download the tool from here

https://github.com/microsoft/Microsoft-Win32-Content-Prep-Tool

Command Line

IntuneWinAppUtil.exe -c <path to source folder> -s <setup file name e.g. MSI file> -o <path to output folder>

Wipe / Fresh Start / Autopilot Reset

 

Intune: What is Retire / Wipe / Delete / Fresh Start / Autopilot Reset – Cloud Identity – Modern IT

Useful options for triggering intune sync

 

$Shell = New-Object -ComObject Shell.Application
$Shell.open("intunemanagementextension://syncapp")

also 

Issue a restart for the Microsoft Intune Management Extension windows service.

 https://oliverkieselbach.com/2020/11/03/triggering-intune-management-extension-ime-sync/

Windows OS updates can cause the start menu to stop responding on Citrix systems.

 

Start menu may stop responding if KB5048685 installed on Windows 11 22H2/23H2 VDA

Windows OS system update removal

 

use this command to locate the suspect package name

DISM /online /Get-Packages 

identify the target package from the listed output then use this command to remove it

DISM /online /Remove-Package /PackageName:<PackageName(Identity)>

Determine the local machine domain joined status

 

dsregcmd /status

Checks if machine is AADJoined etc