Hybrid Join VM Setup Guide – Windows 11 (24H2)


1. Create the VM

• Use Failover Cluster Manager to build a new virtual machine.

2. Mount the ISO

• Mount en-us_windows_11_business_editions_version_24h2_x64_dvd_59a1851e.iso to the VM.

3. Install Windows 11

• Boot the VM with the ISO.
• Go through Windows setup.
• Select 'domain join instead' when prompted.
• Create an offline local account (you’ll convert to Hybrid Join later).
• Set security questions as required.

4. Collect Autopilot Hash

Open PowerShell as Administrator and run the following commands:


[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
New-Item -Type Directory -Path "C:\HWID"
Set-Location -Path "C:\HWID"
$env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
Install-Script -Name Get-WindowsAutopilotInfo -Force
Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv
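
An added example, not part of the original guide or of Microsoft's script: it checks the Authenticode signature of the script that Install-Script downloaded and validates AutopilotHWID.csv before it is imported in step 5. The helper names Assert-ScriptSignature and Test-AutopilotCsv are hypothetical; the paths are the ones used in the commands above.

```powershell
# Added example. Paths are the ones used in the commands above.
$scriptPath = 'C:\Program Files\WindowsPowerShell\Scripts\Get-WindowsAutopilotInfo.ps1'
$csvPath    = 'C:\HWID\AutopilotHWID.csv'

# Hypothetical helper: fail closed unless the downloaded script has a valid Authenticode signature.
function Assert-ScriptSignature {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature status for '$Path' is '$($sig.Status)'."
    }
    # Return the signer so the operator can confirm it is the expected publisher.
    $sig.SignerCertificate.Subject
}

# Hypothetical helper: return the problems found in the hash file (nothing if it is clean).
function Test-AutopilotCsv {
    param([Parameter(Mandatory)][string]$Path)
    $problems = [System.Collections.Generic.List[string]]::new()
    $rows = @(Import-Csv -Path $Path)
    if ($rows.Count -eq 0) { $problems.Add('No device rows in CSV'); return $problems }

    # Column names written by Get-WindowsAutopilotInfo -OutputFile.
    $present = $rows[0].PSObject.Properties.Name
    foreach ($col in 'Device Serial Number', 'Windows Product ID', 'Hardware Hash') {
        if ($present -notcontains $col) { $problems.Add("Missing column: $col") }
    }
    if ($problems.Count -gt 0) { return $problems }

    foreach ($row in $rows) {
        $serial = $row.'Device Serial Number'
        if ([string]::IsNullOrWhiteSpace($serial)) { $problems.Add('Row with empty serial number') }
        try {
            # FromBase64String('') succeeds with zero bytes, so check the length too.
            $bytes = [Convert]::FromBase64String($row.'Hardware Hash')
            if ($bytes.Length -eq 0) { $problems.Add("Empty hardware hash for '$serial'") }
        } catch {
            $problems.Add("Hardware hash for '$serial' is not valid Base64")
        }
    }
    return $problems
}

"Signer: $(Assert-ScriptSignature -Path $scriptPath)"
$issues = @(Test-AutopilotCsv -Path $csvPath)
if ($issues.Count -gt 0) { $issues | ForEach-Object { Write-Warning $_ }; throw 'Do not import this CSV.' }
"AutopilotHWID.csv: $(@(Import-Csv $csvPath).Count) device row(s), structure OK"
```

To make the signature check gate execution, call Assert-ScriptSignature between Install-Script and Get-WindowsAutopilotInfo.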

5. Upload Hash to Intune

1. Go to https://intune.microsoft.com
2. Navigate to: Devices > Enrollment > Windows Autopilot devices
3. Click 'Import' and upload AutopilotHWID.csv
4. After upload:
• Select the serial number
• Assign Device Name and Group Tag
5. Wait for device assignment to complete.

6. Configure VM for Hybrid Join

1. Rename the computer manually using the same name set in Intune, then restart the VM.
2. In Active Directory:
• Go to: SH / SH-OU-Hybrid Computer
• Create the computer object using your Admin- account.
• Add the computer to SH-US-Hybrid Devices.
3. Join VM to the domain using the OU created above, then restart the VM.

7. Confirm Hybrid Join

Open PowerShell and run:

dsregcmd /status

Check for:
• AzureAdJoined : NO
• DomainJoined : YES
• Hybrid AzureADJoined : YES
Alternatively, check whether Microsoft Intune Management Extension is installed (in Programs).

8. Wait for Intune Enrollment

• Allow the device time to receive all Intune policies and required apps.
• You can now monitor the device in Intune under Devices.

9. After completion

• Unmount the ISO.
• Turn off the VM, then go to Settings / Security and uncheck the 'Enable Trusted Platform Module' box.