memdocs/autopilot/windows-autopilot-hybrid.md
20 additions & 12 deletions
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ keywords:
8
8
author: ErikjeMS
9
9
ms.author: erikje
10
10
manager: dougeby
11
-
ms.date: 06/07/2021
11
+
ms.date: 06/22/2021
12
12
ms.topic: how-to
13
13
ms.service: microsoft-intune
14
14
ms.subservice: enrollment
@@ -113,12 +113,23 @@ The organizational unit that's granted the rights to create computers must match
113
113
114
114
## Install the Intune Connector
115
115
116
-
The Intune Connector for Active Directory must be installed on a computer that's running Windows Server 2016 or later. The computer must also have access to the internet and your Active Directory. To increase scale and availability, you can install multiple connectors in your environment. We recommend installing the Connector on a server that's not running any other Intune connectors. Each connector must be able to create computer objects in any domain that you want to support.
116
+
### Before you begin
117
117
118
-
> [!NOTE]
119
-
> If your organization has multiple domains and you install multiple Intune Connectors, you must use a service account that's able to create computer objects in all domains, even if you plan to implement hybrid Azure AD join only for a specific domain. If these are untrusted domains, you must uninstall the connectors from domains in which you don't want to use Windows Autopilot. Otherwise, with multiple connectors across multiple domains, all connectors must be able to create computer objects in all domains.
118
+
- The Intune Connector for Active Directory must be installed on a computer that's running Windows Server 2016 or later.
119
+
- The computer must have access to the internet and your Active Directory.
120
+
- To increase scale and availability, you can install multiple connectors in your environment. We recommend installing the Connector on a server that's not running any other Intune connectors. Each connector must be able to create computer objects in any domain that you want to support.
121
+
122
+
- If your organization has multiple domains and you install multiple Intune Connectors, you must use a service account that can create computer objects in all domains, even if you plan to implement hybrid Azure AD join only for a specific domain. If these are untrusted domains, you must uninstall the connectors from domains in which you don't want to use Windows Autopilot. Otherwise, with multiple connectors across multiple domains, all connectors must be able to create computer objects in all domains.
123
+
124
+
This connector service account must have the following permissions:
125
+
126
+
-**[Log on as a service](/system-center/scsm/enable-service-log-on-sm)**
127
+
- Must be part of the **Domain user** group
128
+
- Must be a member of the local **Administrators** group on the Windows server that hosts the connector
129
+
130
+
- The Intune Connector requires the [same endpoints as Intune](../intune/fundamentals/intune-endpoints.md).
120
131
121
-
The Intune Connector requires the [same endpoints as Intune](../intune/fundamentals/intune-endpoints.md).
132
+
### Install steps
122
133
123
134
1. Turn off IE Enhanced Security Configuration. By default Windows Server has Internet Explorer Enhanced Security Configuration turned on. If you're unable to sign in to the Intune Connector for Active Directory, then turn off IE Enhanced Security Configuration for the Administrator. [How To Turn Off Internet Explorer Enhanced Security Configuration](/archive/blogs/chenley/how-to-turn-off-internet-explorer-enhanced-security-configuration).
124
135
2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** > **Windows** > **Windows enrollment** > **Intune Connector for Active Directory** > **Add**.
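Review bot: The first permission bullet, `-**[Log on as a service](/system-center/scsm/enable-service-log-on-sm)**`, has no space after the hyphen, so Markdown will not render it as a list item; write `- **[Log on as a service](/system-center/scsm/enable-service-log-on-sm)**`. In the next bullet the Active Directory group is named **Domain Users**, not "Domain user". It is also unclear whether "This connector service account must have the following permissions:" applies to every installation or only to the multi-domain case in the bullet directly above it. Because the list includes membership in the local **Administrators** group on the connector host, state the scope explicitly so readers know exactly when this account and these rights are required.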
@@ -131,13 +142,10 @@ The Intune Connector requires the [same endpoints as Intune](../intune/fundament
131
142
8. Go to **Devices** > **Windows** > **Windows enrollment** > **Intune Connector for Active Directory**, and then confirm that the connection status is **Active**.
132
143
133
144
> [!NOTE]
134
-
> The Global administrator role is a temporary requirement at the time of installation.
135
-
136
-
> [!NOTE]
137
-
> After you sign in to the Connector, it might take a couple of minutes to appear in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). It appears only if it can successfully communicate with the Intune service.
138
-
139
-
> [!NOTE]
140
-
> Inactive Intune connectors will still appear in the Intune Connectors blade and will automatically be cleaned up after 30 days.
145
+
>
146
+
> - The Global administrator role is a temporary requirement at the time of installation.
147
+
> - After you sign in to the Connector, it can take several minutes to appear in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). It appears only if it can successfully communicate with the Intune service.
148
+
> - Inactive Intune connectors still appear in the Intune Connectors blade and will automatically be cleaned up after 30 days.
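Review bot: The Global administrator bullet is now the first item of a note that sits after step 8, well away from the point where the reader signs in, so someone following the steps in order learns about the role requirement only after the connection status check. Consider moving "The Global administrator role is a temporary requirement at the time of installation." into the "Before you begin" list this commit adds, and saying what "temporary" means for the reader, for example whether the role can be removed from the account once the connector shows **Active**. Minor: the last bullet mixes tenses ("still appear ... and will automatically be cleaned up"); "still appear ... and are automatically cleaned up after 30 days" matches the present tense used in the other reworded bullets.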