Q1: Why can\u2019t I \u201cfactory reset\u201d my Windows 10 device even though it\u2019s listed in Intune under \u201cAzure AD Devices\u201d, however the device is not listed in All Devices
\nA1: Azure AD Join devices don\u2019t allow you to factory reset. Your device needs to be enrolled with Intune MDM before the device can be \u201cfactor reset\u201d. To enable Intune MDM run though the following
\n1.\tEnable Intune MDM integration with Azure AD: https:\/\/docs.microsoft.com\/en-us\/intune\/windows-enroll
\n2.\tLicense user for EMS (AD Premium and Intune required): https:\/\/docs.microsoft.com\/en-us\/intune\/licenses-assign
\n3.\tDevice Enrolment: https:\/\/docs.microsoft.com\/en-us\/intune-user-help\/enroll-your-w10-phone-or-w10-pc-windows
\n4.\tTo force intune MDM enrolment you can install the company portal app from the Microsoft Store: https:\/\/www.microsoft.com\/en-gb\/store\/p\/company-portal\/9wzdncrfj3pz
\nNB: if joining windows AD DS and Azure AD see Q3:<\/p>\n
Q2: Can I factory reset a Windows 10 device which is Windows AD DS Joined, Azure AD Joined and Intune MDM Managed
\nA2: Yes, to configure please see Q3<\/p>\n
Q3: can I automatically enrol a windows 10 windows AD DS joined device into MDM and Azure AD
\nA3; Yes, however you need to be using build 1709 or above, for more information please see : https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/device-management-hybrid-azuread-joined-devices-setup and
\nhttps:\/\/docs.microsoft.com\/en-us\/windows\/client-management\/mdm\/enroll-a-windows-10-device-automatically-using-group-policy <\/p>\n
Q4: Is it possible to add the BitLocker Protector key to AzureAD? even if you enabled BitLocker before the device was Azure AD Join?
\nA4: Yes, the following PowerShell will need to be executed:<\/p>\n
Add-BitLockerKeyProtector -MountPoint “C:” -RecoveryPasswordProtector
\n$BLV = Get-BitLockerVolume -MountPoint “C:”
\nBackupToAAD-BitLockerKeyProtector -MountPoint “C:” -KeyProtectorId $BLV.KeyProtector[1].KeyProtectorId<\/p>\n
Further information:<\/p>\n
Intune make sure the DNS CNAMEs are created: https:\/\/docs.microsoft.com\/en-us\/intune\/windows-enroll#simplify-windows-enrollment-without-azure-ad-premium
\nIntune Factory reset\\Remove company data descriptions: https:\/\/docs.microsoft.com\/en-us\/intune\/devices-wipe
\nIntune Non-windows updates: https:\/\/docs.microsoft.com\/en-us\/intune\/whats-new
\nIntune device compliance policies: https:\/\/docs.microsoft.com\/en-us\/intune\/device-compliance-get-started
\nBitLocker Management: https:\/\/docs.microsoft.com\/en-us\/windows\/device-security\/bitlocker\/bitlocker-management-for-enterprises <\/p>\n","protected":false},"excerpt":{"rendered":"
Q1: Why can\u2019t I \u201cfactory reset\u201d my Windows 10 device even though it\u2019s listed in Intune under \u201cAzure AD Devices\u201d, however the device is not listed in All Devices A1: Azure AD Join devices don\u2019t<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[21],"tags":[2491,2694,1011,2714,2704],"class_list":["post-4144","post","type-post","status-publish","format-standard","hentry","category-microsoft","tag-ad-ds","tag-azure-ad","tag-intune","tag-mdm","tag-sccm"],"jetpack_publicize_connections":[],"yoast_head":"\r\n