Merged PR 12668: Hybrid AD join for Autopilot

New content

windows/deployment/windows-autopilot/TOC.md

@@ -6,6 +6,8 @@
 ## [Scenarios and Capabilities](windows-autopilot-scenarios.md)
 ### [Support for existing devices](existing-devices.md)
 ### [User-driven mode](user-driven.md)
+#### [User-driven mode for AAD](user-driven-aad.md)
+#### [User-driven mode for hybrid AAD](user-driven-hybrid.md)
 ### [Self-deploying mode](self-deploying.md)
 ### [Enrollment status page](enrollment-status.md)
 ### [Windows Autopilot Reset](windows-autopilot-reset.md)

windows/deployment/windows-autopilot/user-driven-aad.md

@@ -1,19 +1,35 @@
----
+---
-title: User-driven mode for AAD
+title: User-driven mode for AAD
-description: Listing of Autopilot scenarios
+description: Listing of Autopilot scenarios
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
+ms.prod: w10
-ms.mktglfcycl: deploy
+ms.mktglfcycl: deploy
-ms.localizationpriority: low
+ms.localizationpriority: low
-ms.sitesec: library
+ms.sitesec: library
-ms.pagetype: deploy
+ms.pagetype: deploy
-author: greg-lindsay
+author: greg-lindsay
-ms.author: greg-lindsay
+ms.author: greg-lindsay
-ms.date: 10/02/2018
+ms.date: 11/07/2018
----
+---
-
+
-# Windows Autopilot user-driven mode for Azure Active Directory
+# Windows Autopilot user-driven mode for Azure Active Directory join
-
+
-**Applies to: Windows 10**
+**Applies to: Windows 10**
-
+
-PLACEHOLDER.  This topic is a placeholder for the AAD-specific instuctions currently in user-driven.md.
+## Procedures
+
+In order to perform a user-driven deployment using Windows Autopilot, the following preparation steps need to be completed:
+
+-   Ensure that the users who will be performing user-driven mode deployments are able to join devices to Azure Active Directory.  See [Configure device settings](https://docs.microsoft.com/azure/active-directory/device-management-azure-portal#configure-device-settings) in the Azure Active Directory documentation for more information.
+-   Create an Autopilot profile for user-driven mode with the desired settings.  In Microsoft Intune, this mode is explicitly chosen when creating the profile. With Microsoft Store for Business and Partner Center, user-driven mode is the default and does not need to be selected.
+-   If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group.
+
+For each device that will be deployed using user-driven deployment, these additional steps are needed:
+
+-   Ensure that the device has been added to Windows Autopilot.  This can be done automatically by an OEM or partner at the time the device is purchased, or it can be done through a manual harvesting process later.  See [Adding devices to Windows Autopilot](add-devices.md) for more information.
+-   Ensure an Autopilot profile has been assigned to the device:
+    -   If using Intune and Azure Active Directory dynamic device groups, this can be done automatically.
+    -   If using Intune and Azure Active Directory static device groups, manually add the device to the device group.
+    -   If using other methods (e.g. Microsoft Store for Business or Partner Center), manually assign an Autopilot profile to the device.
+
+Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic. 

windows/deployment/windows-autopilot/user-driven-hybrid.md

@@ -9,12 +9,31 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 10/02/2018
+ms.date: 11/07/2018
 ---
 
 
-# Windows Autopilot user-driven mode for Hybrid Azure Active Directory Join
+# Windows Autopilot user-driven mode for hybrid Azure Active Directory join
 
 **Applies to: Windows 10**
 
-PLACEHOLDER.  This topic is a placeholder for the AD-specific (hybrid) instuctions.
+Windows Autopilot requires that devices be Azure Active Directory joined. If you have an on-premises Active Directory environment and want to also join devices to your on-premises domain, you can accomplish this by configuring Autopilot devices to be [hybrid Azure Active Directory (AAD) joined](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan).  
+
+## Requirements
+
+To perform a user-driven hybrid AAD joined deployment using Windows Autopilot:
+
+- Users must be able to join devices to Azure Active Directory.
+- A Windows Autopilot profile for user-driven mode must be created and 
+    - **Hybrid Azure AD joined** must be specified as the selected option under **Join to Azure AD as** in the Autopilot profile.
+- If using Intune, a device group in Azure Active Directory must exist with the Windows Autopilot profile assigned to that group.
+- The device must be running Windows 10, version 1809 or later.
+- The device must be connected to the Internet and have access to an Active Directory domain controller.
+- The Intune Connector for Active Directory must be installed.
+    - Note: The Intune Connector will perform an on-prem AD join, therefore users do not need on-prem AD-join permission, assuming the Connector is [configured to perform this action](https://docs.microsoft.com/intune/windows-autopilot-hybrid#increase-the-computer-account-limit-in-the-organizational-unit) on the user's behalf. 
+
+## Step by step instructions
+
+See [Deploy hybrid Azure AD joined devices using Intune and Windows Autopilot](https://docs.microsoft.com/intune/windows-autopilot-hybrid).
+
+Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic. 

windows/deployment/windows-autopilot/user-driven.md

@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
-ms.date: 10/02/2018
+ms.date: 11/07/2018
 ms.author: greg-lindsay
-ms.date: 10/02/2018
+ms.date: 11/07/2018
 ---
 
+# Windows Autopilot user-driven mode
+
 Windows Autopilot user-driven mode is designed to enable new Windows 10 devices to be transformed from their initial state, directly from the factory, into a ready-to-use state without requiring that IT personnel ever touch the device.  The process is designed to be simple so that anyone can complete it, enabling devices to be shipped or distributed to the end user directly with simple instructions:
 
 -   Unbox the device, plug it in, and turn it on.
@@ -24,21 +26,12 @@ After completing those simple steps, the remainder of the process is completely
 
 Today, Windows Autopilot user-driven mode supports joining devices to Azure Active Directory.  Support for Hybrid Azure Active Directory Join (with devices joined to an on-premises Active Directory domain) will be available in a future Windows 10 release.  See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
 
-## Step by step
+## Available user-driven modes
 
-In order to perform a user-driven deployment using Windows Autopilot, the following preparation steps need to be completed:
+The following options are available for user-driven deployment:
 
--   Ensure that the users who will be performing user-driven mode deployments are able to join devices to Azure Active Directory.  See [Configure device settings](https://docs.microsoft.com/azure/active-directory/device-management-azure-portal#configure-device-settings) in the Azure Active Directory documentation for more information.
+- [Azure Active Directory join](user-driven-aad.md) is available if devices do not need to be joined to an on-prem Active Directory domain.
--   Create an Autopilot profile for user-driven mode with the desired settings.  In Microsoft Intune, this mode is explicitly chosen when creating the profile. With Microsoft Store for Business and Partner Center, user-driven mode is the default and does not need to be selected.
+- [Hybrid Azure Active Directory join](user-driven-hybrid.md) is available for devices that must be joined to both Azure Active Directory and your on-prem Active Directory domain.
--   If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group.
-
-For each machine that will be deployed using user-driven deployment, these additional steps are needed:
-
--   Ensure that the device has been added to Windows Autopilot.  This can be done automatically by an OEM or partner at the time the device is purchased, or it can be done through a manual harvesting process later.  See [Adding devices to Windows Autopilot](add-devices.md) for more information.
--   Ensure an Autopilot profile has been assigned to the device:
-    -   If using Intune and Azure Active Directory dynamic device groups, this can be done automatically.
-    -   If using Intune and Azure Active Directory static device groups, manually add the device to the device group.
-    -   If using other methods (e.g. Microsoft Store for Business or Partner Center), manually assign an Autopilot profile to the device.
 
 ## Validation