Hybrid Microsoft Entra ID Join and Intune enrollment are two separate processes. A device showing as “Hybrid Microsoft Entra ID Joined” in the Microsoft Entra admin center only confirms that the computer object successfully registered with Microsoft Entra ID through Entra Connect and SCP discovery. It does not automatically mean the device is enrolled into Intune, which is the reason the MDM field currently shows None.
The Owner field being blank is also common in Hybrid Join scenarios, especially for shared devices, server operating systems, devices joined through SYSTEM context, or environments using older operating systems and legacy registration methods. The owner attribute is typically populated during user-driven enrollment or Entra ID registration workflows tied to a licensed user account. Hybrid-joined Windows domain devices often remain without an assigned owner unless Intune enrollment occurs in user context.
One potential problem in your scenario is the presence of a Windows Server 2008 Domain Controller. Hybrid Microsoft Entra ID Join itself can function with older domain controllers, but automatic MDM enrollment and modern device registration workflows rely on newer authentication and security components.
Event ID 304 under User Device Registration\Admin usually indicates that the device registration process failed during authentication, token acquisition, SCP discovery, or enrollment initiation. The exact error code inside the event details is critical. Common causes include missing device credentials, federation issues, TLS problems, proxy inspection, unsupported authentication methods, or MDM auto-enrollment not being configured.
To enable Intune enrollment properly, verify that automatic MDM enrollment is configured in Microsoft Entra ID. In the Entra admin center, go to Mobility (MDM and MAM) → Microsoft Intune and ensure the MDM user scope includes the users signing into these devices. If the scope is set to None, devices will hybrid join successfully but will never enroll into Intune.
You also need appropriate Intune licensing assigned to the users logging into the devices. Hybrid Join alone does not require Intune licensing, but automatic MDM enrollment does. You'd need licenses such as Microsoft Intune, EMS E3/E5, or Microsoft 365 Business Premium/E3/E5.
On the Windows side, Group Policy must be configured for automatic enrollment. The policy is located at:
Computer Configuration > Policies > Administrative Templates > Windows Components > MDM
Enable: Enable automatic MDM enrollment using default Microsoft Entra credentials
Without this policy, devices may complete Hybrid Join but never attempt Intune enrollment.
Another potential consideration is operating system support. Windows Server systems do not enroll into Intune the same way Windows 10/11 client devices do. If you are expecting Windows Server 2019 itself to appear as Intune-managed, support is limited and differs significantly from workstation enrollment behavior. Hybrid Join is primarily intended for Windows client operating systems.
You should also validate the enrollment status locally using:
dsregcmd /status
Under the output, verify:
- AzureAdJoined : YES
- DomainJoined : YES
- DeviceAuthStatus : SUCCESS
- TenantDetails populated correctly
- MdmUrl populated
If MdmUrl is blank, Intune auto-enrollment configuration is not being applied from Microsoft Entra ID.
For troubleshooting Event ID 304 specifically, review:
- The HRESULT/error code inside the event
- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider
- dsregcmd /status
- Scheduled task: Task Scheduler > Microsoft > Windows > EnterpriseMgmt
hth
Marcin
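
The local checks listed in the answer above, as an added PowerShell example that is not part of the original answer. It parses `dsregcmd /status`, compares the fields the answer names, and lists recent Event ID 304 entries; the `TenantName` and `TenantId` field names (under Tenant Details) and the event channel name `Microsoft-Windows-User Device Registration/Admin` are assumptions about a typical Windows 10/11 client.

```powershell
# Added example: local Hybrid Join / Intune auto-enrollment readiness check.
function Get-DsregStatus {
    # Accepts captured output for offline review; defaults to running dsregcmd locally.
    param([string[]]$Lines = (dsregcmd.exe /status))
    $status = @{}
    foreach ($line in $Lines) {
        # Lines look like "   AzureAdJoined : YES". Split on the first colon only,
        # so values such as URLs keep their own colons.
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*)$') {
            $status[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    return $status
}

$s = Get-DsregStatus

# Fields that must have an exact value.
$expected = [ordered]@{
    AzureAdJoined    = 'YES'
    DomainJoined     = 'YES'
    DeviceAuthStatus = 'SUCCESS'
}
foreach ($name in $expected.Keys) {
    $result = if ($s[$name] -eq $expected[$name]) { 'OK' } else { 'CHECK' }
    '{0,-18} expected={1,-8} actual={2,-10} {3}' -f $name, $expected[$name], $s[$name], $result
}

# Fields that only need to be populated (field names assumed, see lead-in).
foreach ($name in 'TenantName', 'TenantId', 'MdmUrl') {
    $result = if ([string]::IsNullOrWhiteSpace($s[$name])) { 'EMPTY' } else { 'populated' }
    '{0,-18} {1,-10} {2}' -f $name, $result, $s[$name]
}

if ([string]::IsNullOrWhiteSpace($s['MdmUrl'])) {
    'MdmUrl is blank: check the MDM user scope in Entra ID and the auto-enrollment GPO.'
}

# Most recent Event ID 304 entries; the error code is in the message text.
$filter = @{ LogName = 'Microsoft-Windows-User Device Registration/Admin'; Id = 304 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

To review output collected from another machine, pass it in with `Get-DsregStatus -Lines (Get-Content .\dsreg.txt)`, where `dsreg.txt` is a hypothetical file holding saved `dsregcmd /status` output.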