This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 81%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJT%3C/text%3E%3C/svg%3E)
Hi all.
I've been looking into how Intune and AAD interact after an Intune device is deleted.
This is my test/setup.
I created an normal Windows 11 VM in Azure via the portal, this is enabled for logon using AAD (AADLogonForWindows VM extension) using the check for Entra ID on the management tab (I think) , I did not mark this device to be Intune enrolled at the time of creation (this was deliberate).
As expected the device in AAD was created for the new VM, Entra ID Joined.
From an RDP session on to the TestingVM I enrolled it into Intune (Settings > Accounts > Enrol).
As expected a device was created in Intune for the new VM (as personal, but that doesn't matter).
Upon checking in Entra ID devices there are now two devices, as follows;
My questions are:
My aim is to be able to have a single AAD device object that is both Entra joined and Intune enrolled without having to destroy and recreate the VM (I'm planning for when someone incorrectly deletes an Intune device object!).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@Jonathan Telling, Thanks for posting in Q&A.
Q1. Will these two object merge at some point, if so, when?
A1. Typically, these objects do not automatically merge. The creation of two separate objects happens because the device was initially Azure AD joined and then later enrolled into Intune, creating a separate entry for the Intune enrollment.
Q2. If not, if there a way to merge them?
A2. Unfortunately, there isn't a direct way to merge these objects manually. However, you can try removing the device from Azure AD and Intune, then re-enrolling it.
Q3. Why were two objects created?
A3. Two objects were created because the device was first Azure AD joined and then enrolled into Intune. This results in separate entries for each action: one for the Azure AD join and another for the Intune enrollment
To achieve your goal, you can remove the device from both Azure AD and Intune and try to re-enroll the device into Intune directly from the device settings. This should create a single object that is both Azure AD joined, and Intune enrolled.
If someone incorrectly deletes an Intune device object, you can re-enroll the device into Intune without needing to recreate the VM.
https://call4cloud.nl/2020/05/intune-auto-mdm-enrollment-for-devices-already-azure-ad-joined/
Non-official, just for reference.
Hope above information can help you.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.