Move from Azure AD registered to Azure AD Joined

Andreas 1,301 Reputation points
2020-08-04T21:55:50.843+00:00

Hi,

We have several machines today that are Azure AD registered but we want to "convert" these to Azure AD joined.
Is that possible without doing a reset?

The machines are today Azure AD registered since we have a local domain, but we are going to remove the local domain and go for all cloud.
So what would be the best way to accomplish this? For example, userA has a computer with a lot of applications, and this machine is part of domain.local and it is Azure AD registered. If the user wants to keep the applications, what steps should be performed?

I had a similar question here, but created another one since I had more questions.
join-intune-when-machine-is-local-domain.html

Thanks for reply

/Regards
Andreas


Accepted answer
  1. Jason Sandys 31,286 Reputation points Microsoft Employee
    2020-08-14T01:27:05.853+00:00

    Yes, resetting the device and using Autopilot is the preferred path here from a Microsoft perspective. Keep in mind that this assumes a lot of things as this won't preserve user, data, applications, or configuration so you need to be prepared to deploy these from whatever management tool you are using (Intune and/or ConfigMgr in the Microsoft ecosystem).

    Unregistering from AAD isn't necessary.

    Technically, you could certainly unjoin the on-prem domain and then join AAD but as Nick noted, this will orphan the user's profile and there are no supported Microsoft tools to migrate user profiles for this scenario.

    1 person found this answer helpful.

2 additional answers

  1. Nick Hogarth 3,436 Reputation points
    2020-08-04T22:40:23.167+00:00

    It isn't very clean to go from on-prem AD joined to Azure AD joined as it might orphan user profiles and possibly mess up file system and registry URLs. Other ways to do it are to do it as part of a hardware replacement and use Autopilot with an Azure AD Join profile, or do a wipe and load and use Autopilot with Azure AD Join.


  2. Andreas 1,301 Reputation points
    2020-08-05T06:01:05.44+00:00

    Hi,

    OK, I understand, so from a "best practice" point of view, it should be a "clean install"... do you know if Microsoft recommends this?

    Which step should we do...

    A - Users log in to their PC and go to Settings>Update&Security>Recovery and then click Reset this PC and select Remove everything

    B - Users log in to their PC and go to Settings>Accounts>Access work or school and disconnect so the PC is not Azure registered (we must check that the device is removed from Azure AD), then the user goes to Settings>Update&Security>Recovery and then clicks Reset this PC and selects Remove everything

    /Regards
    Andreas
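
Added example, not part of the thread and not Microsoft's own tooling: a PowerShell function that classifies a device's join state from `dsregcmd /status` output, so machines in the state the question describes (on-prem domain joined and Azure AD registered) can be identified before choosing between a reset and an unjoin. The function name `Get-JoinState`, the `ProfileOrphanedByRejoin` property and the sample text are assumptions constructed for illustration.

```powershell
# Added example: classify join state from 'dsregcmd /status' text.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    # Collect "Name : VALUE" pairs; banner and blank lines do not match.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aadJoined  = $fields['AzureAdJoined']   -eq 'YES'
    $domJoined  = $fields['DomainJoined']    -eq 'YES'
    # WorkplaceJoined is listed under "User State": it reflects the user
    # running the command, so run this in the end user's session.
    $registered = $fields['WorkplaceJoined'] -eq 'YES'

    $state = if ($aadJoined -and $domJoined) { 'Hybrid Azure AD joined' }
        elseif ($aadJoined)                  { 'Azure AD joined' }
        elseif ($domJoined -and $registered) { 'Domain joined + Azure AD registered' }
        elseif ($domJoined)                  { 'Domain joined only' }
        elseif ($registered)                 { 'Azure AD registered only' }
        else                                 { 'Not joined or registered' }

    [pscustomobject]@{
        State      = $state
        DomainName = $fields['DomainName']
        # Per the answers above, leaving the on-prem domain and then joining
        # Azure AD orphans the existing profile on such a machine.
        ProfileOrphanedByRejoin = ($domJoined -and -not $aadJoined)
    }
}

# Constructed sample matching the question's machine (not captured output).
$sample = @'
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : DOMAIN
           WorkplaceJoined : YES
'@ -split "`r?`n"

Get-JoinState -StatusLines $sample
# On a real device: Get-JoinState -StatusLines (dsregcmd /status)
```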

