Gerenios / AADInternals

AADInternals PowerShell module for administering Azure AD and Office 365
http://aadinternals.com/aadinternals
MIT License

Join-AADIntDeviceToAzureAD creates device up in AAD but device itself never becomes AAD joined. #15

Closed RODINOliver closed 2 years ago

RODINOliver commented 2 years ago

Hey, I'm trying to use the 'Join-AADIntDeviceToAzureAD' command; as far as I can tell, it seems to be working.

I have tried using 'Get-AADIntAccessTokenForAADJoin -BPRT $BPRT', 'Get-AADIntAccessTokenForAADJoin -SaveToCache' and 'Get-AADIntAccessTokenForAADJoin' for generating the token.

But I don't believe it is a permission issue.

Every time the command is run, a device is being created in AAD.

Most recent example -

PS Command Output: [image]

AAD Device: [image]

However, at this stage, I was expecting I could reboot the device and it would be AAD Joined and ready to be signed into with an AAD account.

After a reboot that never occurs, and when checking dsregcmd, 'AzureAdJoined' is still 'NO'. [image]

I have also attempted to split the steps by performing the 'register' first then 'join' but the result was the same.

Am I missing something or?

NestoriSyynimaa commented 2 years ago

AADInternals cannot currently be used to join "real" devices to AAD. It just follows the same procedure as the normal join process does and creates the certificate for a "fake" device. The certificate represents the device, i.e., you can create a PRT with that and then get access tokens using the PRT. The resulting access tokens will have the deviceid claim.

I'm currently in the process of researching how to join "real" devices, but that can take a while.

NestoriSyynimaa commented 2 years ago

@RODINOliver, AADInternals v0.6.6 supports this.

RODINOliver commented 2 years ago

Awesome! Can't wait to test it out.