Use this process to convert a domain-joined machine to a Microsoft Endpoint Manager managed machine, joined to Azure Active Directory, with an Autopilot profile. The use of an Autopilot profile will link the user account to the machine, ensuring the user becomes an owner. Depending on the setting in the profile, this can enable the user to be an admin user of the machine. It will also allow the machine to be reset and still be managed by Endpoint Manager.
To complete the process remotely, the domain administrator must be able to log in to the machine using a tool such as TeamViewer running in "host mode", so that it allows reconnections without the user being present.
- Ensure the user has an M365 licence assigned
- Add the user to the AAD group “Intune Users” (or whichever group is used to assign Intune/AutoPilot profiles)
- Use TeamViewer to connect to the user’s machine with admin rights
- Check the machine has a local admin account enabled, and that you know the password for it (reset if necessary). If not, create a local account, and assign it as an admin account.
- Ensure the user’s desktop/documents/pictures are being backed up in OneDrive, and that Edge/Chrome are using synced accounts for favourites/settings. Wait for the sync to complete: the user will not have access to their previous profile once the machine is converted.
- Log in to the machine as the local admin account
- Remove the machine from the domain by joining a Workgroup
- Reboot the machine
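- Log in to the machine as local admin
- Run the following Autopilot PowerShell commands in an elevated PowerShell window on the user's machine and copy the resulting CSV file (C:\HWID\AutoPilotHWID.csv) to your machine:

```powershell
# Working folder for the hardware hash export
New-Item -Type Directory -Path "C:\HWID"
Set-Location -Path "C:\HWID"
# Make scripts installed by Install-Script resolvable in this session
$env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
# Process scope: the policy change applies to this PowerShell window only
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv
```
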
- Upload the CSV to the Autopilot portal (Windows Autopilot devices - Microsoft Endpoint Manager admin center) and wait for it to sync
- Assign the user to the imported machine in the Autopilot portal
- Return to the user’s machine and reset Windows, choosing to remove all data/files etc.
- The machine will reboot, reinstall Windows and start at the OOBE setup wizard.
- The user will need to connect the machine to their wifi/wired network.
- They will then be presented with the welcome screen, where they should just need to enter their AAD password.
- The machine is now AAD joined, with an AutoPilot profile should it need resetting.
- You can now disable/remove the old machine account from the domain.
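
The read-only checks below are an added example, not part of the original procedure. They cover the two points where a remote conversion most easily goes wrong: leaving the domain without a usable local admin account, and resetting Windows before the hardware hash CSV exists. `Test-ConversionReadiness` is a hypothetical function name, and the example assumes Windows PowerShell 5.1 in an elevated window and the CSV path used above.

```powershell
# Added example: read-only preflight checks for the conversion steps above.
# Test-ConversionReadiness is a hypothetical name, not a built-in cmdlet.
function Test-ConversionReadiness {
    [CmdletBinding()]
    param(
        # Path the procedure above writes the hardware hash to
        [string]$HwidCsv = 'C:\HWID\AutoPilotHWID.csv'
    )

    # PartOfDomain should be False after the workgroup join and reboot.
    # Domain holds the workgroup name when the machine is not domain-joined.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup does not depend on the group's localized name.
    # Only enabled *local* user accounts count: domain accounts stop working
    # for remote logon once the machine has left the domain.
    $localAdmins = @(
        Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
            ForEach-Object { Get-LocalUser -SID $_.SID } |
            Where-Object Enabled
    )

    # The CSV written by Get-WindowsAutoPilotInfo has a 'Hardware Hash' column;
    # an empty or missing value means there is nothing to upload yet.
    $csvOk = $false
    if (Test-Path -LiteralPath $HwidCsv) {
        $rows = @(Import-Csv -LiteralPath $HwidCsv)
        $csvOk = ($rows.Count -ge 1) -and
                 -not [string]::IsNullOrWhiteSpace($rows[0].'Hardware Hash')
    }

    [pscustomobject]@{
        ComputerName       = $cs.Name
        PartOfDomain       = $cs.PartOfDomain
        DomainOrWorkgroup  = $cs.Domain
        EnabledLocalAdmins = $localAdmins.Name -join ', '
        SafeToLeaveDomain  = $localAdmins.Count -gt 0
        HwidCsvReady       = $csvOk
    }
}

Test-ConversionReadiness | Format-List
```

Run it once before joining the workgroup (`SafeToLeaveDomain` should be True) and again before resetting Windows (`PartOfDomain` should be False and `HwidCsvReady` True).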