Windows Autopilot

Podcast episode #1: Windows Autopilot Hybrid Azure AD Join

I admit it, I’ve been procrastinating. I’ve been carrying around podcasting equipment for months, intending to use it from hotel rooms around the world to create podcasts for those that prefer audio information over written text. Since traveling is no longer a near-term option, I decided it was time to turn my home office into a (marginal) recording studio — no time like the present to try something different.

So here is episode #1:

Over time, these will be published to your favorite podcast app or destination. At the moment, you can find it on Spotify:

Apple iTunes and iHeartRadio should be added soon. (It seems that they get in no hurry when reviewing new podcast submissions.) Feeds based on Google seem to be completely at their mercy, waiting for the site to be indexed. (Hey Google, try to index Any other location comes later. (Of course you can always use the RSS feed directly,

Topic suggestions and questions are always welcome. To keep them from being lost in the e-mail pile, send them to

Categories: Windows Autopilot

5 replies »

  1. Great post Michael, I got everything to work in my lab. However, at a customer I cannot get it to work. After the AP sign-in process the client just sits at “please wait while we set up your device..” and in the deviceManagement-enterprise-diagnostic-provide it will just loop with the error Attempting to get the DC name. (The specified domain either does not exist or could not be contacted). I can resolve the AD with DNS and ping all DCs and know it should work.

    You are saying that some customers are running with the skip ADCheck function. Is this something we also could be part of? We are in a startup project moving to AAD and Intune but in the end we will run with hybrid join as a fallback scenario. In the end we will be moving approx. 50.000 clients over to the new platform.

    //magnus mourujarvi


    • If the device is on the corporate network and you are seeing that, then the device probably hasn’t received an ODJ blob at all (so it’s trying to ping “null”). If it isn’t on the corporate network, you could use white glove (deploying a VPN client during the technician phase so the user can make a VPN connection when they receive the device) now, or wait for the public preview of our VPN support (which will still require that VPN client, just like in white glove) which should be available in the next couple of months.


  2. Hi Michael, thank you for this Podcast Episode.
    We have been playing with AutoPilot AAD join for some time but for some reason we are struggling with the “handover” from Azure AD join to enroll via Intune using Deployment Profiles. I know this is vague but we have checked permissions, groups (2 devices targeted), ESP settings. For some reason the device OOBE gets as far as successfully joining to Azure AD and then stops – even though the device is in a group that has a Windows Autopilot deployment profile assigned. After running OOBE I can see that the device is joined to AAD but not managed by MDM (Intune). Just needing some pointers where to look. Thank you!


    • If MDM auto-enrollment is configured in Azure AD for the user credentials specified, then the join cannot complete if the enrollment doesn’t. So make sure you check the MDM auto-enrollment settings in Azure AD (enabled and configured for “All” or an appropriate group of users).

