When you register a device with Windows Autopilot, an Azure AD device object is created corresponding to that device. That device object is important for Windows Autopilot and should never be deleted without also removing the Windows Autopilot device. To support that, the Azure AD team has added an additional validation that won’t allow you to delete a device object associated with Windows Autopilot. You’ll see an error if you try:

That will help avoid additional issues you would encounter if you did actually remove the device. At the same time, you might notice that there is a new icon on the list of devices:

In case you’re wondering, that new icon is specific to Windows Autopilot devices:

So you can see which of the objects are pre-created Windows Autopilot device objects and shouldn’t be deleted.
I would expect details of that change to show up in the Azure AD What’s New page soon.
Categories: Windows Autopilot
Hey Michael,
Since the AAD/Autopilot removal lock changes I am seeing something strange.
I don’t know if this is the right place to ask but here goes:
I joined a device Hybrid joined, User driven, by Autopilot.
You wrote in a blog in January:
“Want some proof? Follow the link from the Windows Autopilot device to the Intune device and see what policies are targeted to the device. Also, notice that the Windows Autopilot device still points to the Azure AD device object, not the Hybrid Azure AD device.”
But now I ended up with the Windows Autopilot and Intune object pointing to the hybrid joined AAD object.
And the lone AAD object created by Autopilot has the Azure AD device ID that matches the objectid of the AD object. Is this normal? I had the impression the AD objectid always matches the Hybrid joined AAD DeviceID after the complete process. So has something changed?
Is there a way to turn this off? I need to delete devices from Azure AD, but I have to go into Intune Autopilot and delete the device in there and then go back to Azure AD. I also have to write down the Azure AD computer name, because the Intune Autopilot name is based on the serial number, and I cannot find the computer in Azure AD with the serial number.
This just created a ton of work for me.
I normally could go to Intune Autopilot, search via serial number, delete the Intune record and delete the Azure AD record, and then delete the Intune Autopilot record.
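Because the commenter's pain point is getting from a serial number to the right Azure AD object before anything is deleted, here is an added PowerShell example (not code from the post or its comments) that uses the Microsoft Graph PowerShell SDK to follow the Autopilot registration to its Azure AD and Intune objects and report which Azure AD object is the Autopilot-locked one. The Graph endpoints are real; the `contains(serialNumber,…)` filter, the permission scopes chosen and the all-zero `managedDeviceId` for a not-yet-enrolled device are assumptions.

```powershell
# Added example, not from the original post: resolve a serial number to its
# Autopilot registration, the Azure AD device object it points to, and the
# Intune managed device (if enrolled). Requires the Microsoft.Graph module.
param(
    [Parameter(Mandatory)] [string]$SerialNumber
)

# Assumption: these read-only scopes are sufficient for the three queries below
Connect-MgGraph -Scopes 'DeviceManagementServiceConfig.Read.All',
                        'Device.Read.All',
                        'DeviceManagementManagedDevices.Read.All' | Out-Null

# 1. Autopilot registration by serial number (substring filter, then exact match)
$apUri = "https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities" +
         "?`$filter=contains(serialNumber,'$SerialNumber')"
$ap = (Invoke-MgGraphRequest -Method GET -Uri $apUri).value |
      Where-Object { $_.serialNumber -eq $SerialNumber } | Select-Object -First 1
if (-not $ap) { Write-Warning "No Autopilot registration for serial $SerialNumber"; return }

# 2. The Azure AD device object the registration points to.
#    Note: azureActiveDirectoryDeviceId is the device's deviceId, not its object id.
$aadUri = "https://graph.microsoft.com/v1.0/devices?`$filter=deviceId eq '$($ap.azureActiveDirectoryDeviceId)'"
$aad = (Invoke-MgGraphRequest -Method GET -Uri $aadUri).value | Select-Object -First 1

# 3. The Intune managed device, if the device has enrolled.
#    Assumption: an all-zero GUID means "not enrolled yet".
$md = $null
if ($ap.managedDeviceId -and $ap.managedDeviceId -ne '00000000-0000-0000-0000-000000000000') {
    $md = Invoke-MgGraphRequest -Method GET `
          -Uri "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/$($ap.managedDeviceId)"
}

# The Azure AD object below is the one the new validation refuses to delete
# while the Autopilot registration ($ap.id) still exists.
[pscustomobject]@{
    SerialNumber       = $ap.serialNumber
    AutopilotId        = $ap.id
    AzureAdDisplayName = $aad.displayName
    AzureAdObjectId    = $aad.id
    AzureAdDeviceId    = $aad.deviceId
    IntuneDeviceName   = $md.deviceName
    RemovalOrder       = 'Intune managed device, then Autopilot registration, then Azure AD device'
}
```

Run it with the serial number from the Autopilot list; the AzureAdDisplayName field is the computer name the commenter would otherwise have to write down by hand.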