Q. I have enabled workplace join in my environment; however, after a period of time devices become un-enrolled. Why, and how can I stop this?
A. When device registration is enabled with ADFS, devices can be registered with Active Directory. However, after 90 days (by default) devices that have not connected within that period are cleaned up and removed from AD. The current threshold can be viewed with the Get-AdfsDeviceRegistration cmdlet by checking the MaximumInactiveDays value, as shown.
PS C:\> Get-AdfsDeviceRegistration
DrsObjectDN : CN=DeviceRegistrationService,CN=Device Registration Services,CN=Device Registration
DevicesPerUser : 10
MaximumInactiveDays : 90
IsEnabledOnPremises : True
IsEnabledInCloud : False
DeviceObjectLocation : CN=RegisteredDevices,DC=savilltech,DC=net
To disable the cleanup, set the MaximumInactiveDays value to 0, for example:
Set-AdfsDeviceRegistration -MaximumInactiveDays 0
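Before turning cleanup off entirely, it helps to see which registered devices are actually close to the inactivity cutoff, since a value of 0 means stale device objects are never removed from the RegisteredDevices container. The script below is an added example, not part of the original answer; it assumes the ADFS and ActiveDirectory PowerShell modules are available, that the account can read the container reported by DeviceObjectLocation, and that msDS-ApproximateLastLogonTimeStamp on the msDS-Device objects is the timestamp the cleanup evaluates.

```powershell
# Added example: report registered devices against the current ADFS inactivity threshold.
# Assumes the ADFS and ActiveDirectory modules are installed and the caller can read
# the RegisteredDevices container. The attribute msDS-ApproximateLastLogonTimeStamp is
# assumed to be the inactivity marker used by the cleanup.
Import-Module ADFS
Import-Module ActiveDirectory

$drs       = Get-AdfsDeviceRegistration
$maxDays   = [int]$drs.MaximumInactiveDays
$container = $drs.DeviceObjectLocation

if ($maxDays -eq 0) {
    Write-Host "Cleanup is disabled (MaximumInactiveDays = 0); inactive devices in $container are never removed."
} else {
    Write-Host "Devices inactive for more than $maxDays days are removed from $container."
}

# Constructed value: flag devices within 14 days of the cutoff so they can be reviewed first.
$warnDays = 14
$now      = Get-Date

$devices = Get-ADObject -SearchBase $container -LDAPFilter '(objectClass=msDS-Device)' `
    -Properties displayName, 'msDS-ApproximateLastLogonTimeStamp'

$report = foreach ($d in $devices) {
    $last     = $d.'msDS-ApproximateLastLogonTimeStamp'
    $inactive = if ($last) { [int]($now - [datetime]$last).TotalDays } else { $null }
    $status   = if ($maxDays -eq 0)                          { 'Retained' }
                elseif ($null -eq $inactive)                 { 'NoLogonRecorded' }
                elseif ($inactive -gt $maxDays)              { 'PendingRemoval' }
                elseif ($inactive -gt ($maxDays - $warnDays)) { 'NearCutoff' }
                else                                         { 'Active' }
    [pscustomobject]@{
        Device       = $d.displayName
        InactiveDays = $inactive
        Status       = $status
    }
}

$report | Sort-Object InactiveDays -Descending | Format-Table -AutoSize
```

If the report shows legitimate devices reaching the cutoff because they connect infrequently, raising MaximumInactiveDays keeps the cleanup in place while still retaining them, which is a narrower change than setting it to 0.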