When Intune and 365 became a ‘thing’ devices and users were usually built on a Hybrid basis. The reason? reliance on being able to access on-prem services such as printers, file shares and web applications.
There is a now a script, that converts the device from Hybrid to Azure AD joined.
The Script #
Download the required script and files from here. Once downloaded extract the files.
Azure App Registration #
Sign in to entra.microsoft.com with your Global Admin Credentials
Navigate to Applications > App registrations and click + New registration
Enter a name for the application (this can be whatever you’d like). Leave all other options as default and click Register.
Once the application page loads, find the Application (client) ID and copy the value.
Navigate to the config.json file and paste the value into sourceTenant: clientId:
Back at the app page in Entra, navigate to API permissions and click +Add a permission.
On the Request API permissions page, select Microsoft Graph
For type of permission select Application permissions
Type device into the search field, and add the following permissions in each category:
Device
Device.ReadWrite.All
DeviceManagementManagedDevices
DeviceManagementManagedDevices.ReadWrite.All
DeviceManagementServiceConfig
DeviceManagementServiceConfig.ReadWrite.All
User
User.ReadWrite.All
On the API permissions page, click Grant admin consent for TENANT NAME. Click Yes at the Grant admin consent confirmation popup.
All permissions should now have the granted status.
