Convert AzureAD Registered “Personal” Devices to “Corporate”

In our environment we had a lot of AzureAD Registered Devices that were corporate owned, but couldn’t be AzureAD Joined or Hybrid AzureAD Joined due to some technical limitations.

One issue with this setup is the set of limitations that come with a device tagged as “Personal” in Intune, like the missing App Inventory for these devices. But since in our case these devices are not BYOD or personally owned devices, but 100% corporate owned and just joined in a different way, we had wanted to convert them to corporate owned for a long time. Our biggest blocker was recently fixed by Microsoft, which added the filter property “device Trust Type”. This allows us to assign policies based on this property instead of having to misuse the ownership field like we did over the last years (see What’s new in Microsoft Intune | Microsoft Learn).

Convert the “personal” Windows Devices

To actually convert the devices, we can again use a simple Azure Automation Runbook, like many times before. If you haven’t seen my blog entry about this, check out: Automate Autopilot Uploads with Azure Automation Runbooks – Mike’s MDM Blog (mikemdm.de)

For our personal devices, we can use this script hosted on my GitHub: Scripts/Convert-Personal-Corporate.ps1 at main · mmeierm/Scripts (github.com)

From a Permission Perspective, we need to assign the following permission to our Managed Identity:
– DeviceManagementManagedDevices.ReadWrite.All
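
As an added illustration (this is not the Convert-Personal-Corporate.ps1 script linked above), a runbook for this conversion could look like the following sketch. It assumes the Microsoft.Graph.Authentication module is available in the Automation Account; the `$Apply` parameter is a hypothetical dry-run switch, so the runbook only reports what it would change until you enable it.

```powershell
# Added example, not the author's script.
param(
    # Hypothetical parameter: dry run by default, set to $true to write changes.
    [bool]$Apply = $false
)

# Sign in as the Automation Account's Managed Identity. It needs only
# DeviceManagementManagedDevices.ReadWrite.All, as listed above.
Connect-MgGraph -Identity | Out-Null

$base = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices'

# Ask Graph for Windows devices only and select just the fields we need.
$uri = $base +
       "?`$filter=operatingSystem eq 'Windows'" +
       "&`$select=id,deviceName,managedDeviceOwnerType"

$count = 0
while ($uri) {
    $page = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject

    foreach ($device in $page.value) {
        # Skip everything that is not tagged "personal".
        if ($device.managedDeviceOwnerType -ne 'personal') { continue }

        if ($Apply) {
            $body = @{ managedDeviceOwnerType = 'company' } | ConvertTo-Json
            Invoke-MgGraphRequest -Method PATCH -Uri "$base/$($device.id)" `
                -Body $body -ContentType 'application/json'
            # The job output doubles as a change log for later review.
            Write-Output "Converted $($device.deviceName) ($($device.id)) to corporate"
        }
        else {
            Write-Output "Would convert $($device.deviceName) ($($device.id))"
        }
        $count++
    }

    # Follow paging until Graph stops returning a next link.
    $uri = $page.'@odata.nextLink'
}

Write-Output "Personal Windows devices processed: $count (Apply = $Apply)"
```

Run it once with the default dry run and compare the listed devices against your inventory before enabling `$Apply`, since every personal Windows device in the tenant is in scope.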

