Helient Blog

Upcoming Changes to the Intune Connector for Active Directory: What You Need to Know

Written by Dawn Wertz | Jun 6, 2025 3:41:35 PM

In November 2023, Microsoft introduced its Secure Future Initiative (SFI)—a strategic effort to enhance security across its ecosystem. As part of this initiative, important changes are coming to the Intune Connector for Active Directory, effective late June 2025.

These updates align the connector with the principle of least privilege by transitioning it to run under a Managed Service Account (MSA) instead of the Local System account.


What’s Changing
Starting in late June 2025:

  • Connector version 6.2304.38.4 will no longer be available for download.
  • 🛑 Support for this version will be discontinued.
  • 🚫 Intune will reject enrollments using this version.

The new version, 6.2504.2001.8, is already available for download via the Intune portal.


What is the Intune Connector for Active Directory?
Also known as the Offline Domain Join (ODJ) Connector, this tool is used during Windows Autopilot provisioning to join devices to an on-premises Active Directory domain. It enables devices to become Microsoft Entra hybrid joined, bridging cloud and on-prem environments.


Why the Switch to a Managed Service Account?
The current connector runs under the Local System account, which has broad privileges. The new version improves security by using a Managed Service Account (MSA)—a special type of Active Directory account designed for services.

Benefits of MSAs:

  • 🔄 Automatic password rotation every 30 days.
  • 🧾 Automatic SPN (Service Principal Name) management.
  • 🚷 No interactive logon capability—reducing attack surface.
  • 🔐 Granular permissions—you assign only what’s needed, supporting least privilege.
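
To confirm where a connector server stands on both points above (version and service account), the following PowerShell check can be run locally on that server. It is an added example, not code from Microsoft or Helient. It assumes the connector's Windows service is named ODJConnectorSvc and that the service binary's file version matches the connector version; the function name and output fields are illustrative.

```powershell
function Test-OdjConnector {
    [CmdletBinding()]
    param(
        # Assumption: service name of the connector; override if yours differs.
        [string]$ServiceName = 'ODJConnectorSvc',
        # Minimum version named in this post.
        [version]$MinimumVersion = '6.2504.2001.8'
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) {
        Write-Warning "Service '$ServiceName' not found on $env:COMPUTERNAME."
        return
    }

    # PathName may be quoted and may carry arguments; keep only the .exe path.
    if ($svc.PathName -notmatch '^\s*"?(.+?\.exe)') {
        Write-Warning "Could not parse executable path from '$($svc.PathName)'."
        return
    }
    $vi = (Get-Item -LiteralPath $Matches[1] -ErrorAction Stop).VersionInfo

    # Assumption: the binary's file version equals the connector version.
    $installed = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                $vi.FileBuildPart, $vi.FilePrivatePart)
    $versionOk = $installed -ge $MinimumVersion

    # Local System shows up as 'LocalSystem'; MSA account names end in '$'.
    $account       = $svc.StartName
    $isLocalSystem = $account -in 'LocalSystem', 'NT AUTHORITY\SYSTEM'
    $looksLikeMsa  = $account -like '*$'

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        InstalledVersion  = $installed
        VersionOk         = $versionOk
        ServiceAccount    = $account
        RunsAsLocalSystem = $isLocalSystem
        LooksLikeMsa      = $looksLikeMsa
        NeedsAction       = (-not $versionOk) -or $isLocalSystem
    }
}

Test-OdjConnector | Format-List
```

A result with NeedsAction set to True means the server is either below 6.2504.2001.8 or still running the connector service as Local System.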



Conclusion

This update marks a significant step forward in enhancing security and simplifying account management. If you're currently using the Intune Connector for Active Directory, it's essential to upgrade to version 6.2504.2001.8 before the end of June 2025 to avoid service disruptions.

Helient strongly recommends that all customers complete this upgrade as soon as possible. For more information or assistance with the transition, please reach out to our industry-leading experts at service@helient.com.