Introduction
Microsoft recently announced an important security update to the Intune Connector for Active Directory (AD). Starting in late May 2025, all connectors must use a low privileged account, replacing the older high-privileged service account model. This change significantly improves security and aligns with Microsoft’s Zero Trust principles.
In this step-by-step guide, we’ll walk you through how to upgrade your connector and configure it securely to stay compliant before the old method is deprecated.
Why This Matters
The update enforces least-privilege access, reducing the risk of lateral movement in case of account compromise. Organizations using Hybrid Azure AD Join for Windows Autopilot deployments must act before the deadline to avoid service interruptions.
Step 1: Check Your Current Connector Version
Before upgrading, confirm whether you’re running the older version of the Intune Connector for AD.
🔍 To check:
- Go to the Intune Admin Center.
- Navigate to Devices > Device Onboarding > Enrollment > Windows Autopilot > Intune Connector for Active Directory.
- Review the connector version and installation date.
If it’s older than March 2025, it’s time to update.
Step 2: Download the Updated Connector
Microsoft has released a new installer that supports the low-privileged account model.
💾 Download from: https://download.microsoft.com/download/45476bf5-d8be-43a7-8e44-e76a4d1ab28f/ODJConnectorBootstrapper.exe
More information: Microsoft Learn – Intune Connector for AD
Step 3: Create the Low Privileged Account
This account should be a domain user, not a domain admin.
👤 Account requirements:
- Member of the Domain Users group only.
- Must be able to join devices to the domain, granted either through Group Policy or through permissions delegated on the target OU (see Step 4).
🛡️ TIP: Use a descriptive name like IntuneJoinSvc.
Step 4: Delegate Permissions for the Account
To allow the account to join devices to the domain, delegate necessary permissions on the OU where Autopilot devices are created.
✅ Steps:
- Open Active Directory Users and Computers.
- Right-click the target OU > Delegate Control.
- Add your new service account.
- Choose “Join a computer to the domain” and “Reset computer objects” permissions.
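The same two steps done from PowerShell, as an added example that is not part of the original post. It assumes the account name the guide suggests (IntuneJoinSvc), an assumed Autopilot OU and domain (OU=Autopilot,DC=contoso,DC=local), and that you run it as a domain admin where the ActiveDirectory RSAT module is installed; the two ACEs it writes are this example's reading of the wizard tasks the guide names ("Join a computer to the domain" as Create Computer Objects on the OU, "Reset computer objects" as Reset Password on descendant computer objects).

```powershell
# Added example: create the low-privileged connector account and delegate
# only the rights named in Step 4 on the Autopilot OU, then verify.
Import-Module ActiveDirectory

$AccountName = 'IntuneJoinSvc'                       # name suggested in Step 3
$TargetOU    = 'OU=Autopilot,DC=contoso,DC=local'    # assumed OU and domain

# Step 3: a plain domain user; it stays a member of Domain Users only.
$Password = Read-Host -AsSecureString 'Password for the connector account'
New-ADUser -Name $AccountName -SamAccountName $AccountName `
    -AccountPassword $Password -Enabled $true `
    -Description 'Intune Connector for AD (low-privileged account)'

# Step 4: look up the computer class GUID and the "Reset Password" right
# from the schema and configuration partitions instead of hard-coding them.
$RootDSE      = Get-ADRootDSE
$ComputerGuid = [guid](Get-ADObject -SearchBase $RootDSE.schemaNamingContext `
    -LDAPFilter '(lDAPDisplayName=computer)' -Properties schemaIDGUID).schemaIDGUID
$ResetPwdGuid = [guid](Get-ADObject `
    -SearchBase "CN=Extended-Rights,$($RootDSE.configurationNamingContext)" `
    -LDAPFilter '(displayName=Reset Password)' -Properties rightsGuid).rightsGuid

$Sid = (Get-ADUser $AccountName).SID
$Acl = Get-Acl -Path "AD:\$TargetOU"

# "Join a computer to the domain": may create computer objects under the OU.
$Acl.AddAccessRule([System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $Sid, [System.DirectoryServices.ActiveDirectoryRights]::CreateChild,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $ComputerGuid, [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All))

# "Reset computer objects": Reset Password, scoped to descendant computer objects.
$Acl.AddAccessRule([System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $Sid, [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $ResetPwdGuid, [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $ComputerGuid))
Set-Acl -Path "AD:\$TargetOU" -AclObject $Acl

# Verify: only these two ACEs for the account on the OU, and no extra groups.
(Get-Acl "AD:\$TargetOU").Access |
    Where-Object { $_.IdentityReference -like "*\$AccountName" } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType
(Get-ADPrincipalGroupMembership $AccountName).Name    # expected: Domain Users only
```

If the verification lists anything beyond the two ACEs or a group other than Domain Users, the account is broader than the least-privilege model the update is meant to enforce.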
Step 5: Install the New Connector
Run the updated installer on the connector server.
During installation:
- Choose “Use a low privileged service account” when prompted.
- Provide the domain\username and password for the new account.
- Complete setup and restart the connector service.
🧩 Ensure the server is domain-joined and has internet access.
Step 6: Verify the Configuration
Back in Intune Admin Center, confirm the new connector is active.
Checkpoints:
- Status is Active.
- Correct OU and domain are listed.
- Devices are enrolling and hybrid joining successfully.
Step 7: Remove the Old Connector
Once the new setup is verified:
- Uninstall the old connector from legacy servers.
- Clean up any unused service accounts.
🔄 Keeping both connectors active may cause conflicts.
Conclusion
Updating your Intune Connector for Active Directory is a critical security upgrade that ensures compliance with Microsoft’s upcoming changes. By switching to a low privileged account model, you reduce security risks and prepare your environment for the future of secure, hybrid device management.