Azure AD Domain Services and Azure AD hybrid join

Kießig, Stefan 6 Reputation points
2021-04-23T22:05:33.59+00:00

I have a cloud-only environment. Now I want to also connect all VMs that are joined to my Azure AD Domain Services domain to Azure AD (hybrid).
I would like to manage my WVD environment (Windows 10 multi-user) in Intune. How can I do this?

Thank you for your support
Stefan


5 answers

  1. Mark Chinery 6 Reputation points
    2022-12-08T10:47:24.887+00:00

    I have got the same issue: devices domain-joined to my AADDS domain, AVD and on-premises devices, but I cannot Hybrid AD join them so they get automatically enrolled to Intune.

    For the few physical machines joined to the domain I wanted to use Autopilot with Hybrid AD join to build and manage the devices, but without the hybrid AD join capability I'm up the creek without a paddle, having to Autopilot with AAD join, remove from AAD, then domain join. This is required because the on-premises app relies on domain services to function.

    Microsoft, Please give us the hybrid AD join and Auto MDM capability in AADDS.

    1 person found this answer helpful.

  2. Siva-kumar-selvaraj 15,561 Reputation points
    2021-04-27T09:07:17.55+00:00

    Hello @Kießig, Stefan ,

    Thanks for reaching out.

    This is not a supported scenario, because one of the prerequisites for Hybrid Azure AD join is to configure Azure AD Connect, but it's not supported to install Azure AD Connect in an Azure AD Domain Services domain to synchronize objects back to Azure AD.

    Azure AD Connect should only be installed and configured for synchronization with on-premises AD DS environments.

    Reference: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/synchronization#synchronization-from-on-premises-ad-ds-to-azure-ad-and-azure-ad-ds

    You could use Azure Active Directory (Azure AD) Join, which joins the device to Azure Active Directory and enables users to sign in to Windows with their Azure AD credentials. If Auto Enrollment is enabled, the device is automatically enrolled in Intune and you can manage it in Intune.

    To learn more:
    Intune enrollment methods for Windows devices: https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods
    Azure AD joined devices: https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join

    Hope this helps


  3. Höfer Björn Andreas 1 Reputation point
    2021-05-12T14:52:18.51+00:00

    Hello @sikumars-msft,

    thanks for the hint - I'm currently facing the same issue/question.

    To sum it up:

    • Azure AD Connect is not an option in an AADDS-Setting
    • If Auto Enrollment is enabled the device must be joined by the user during OOBE

    My question is now:
    According to your link: https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods there are several methods for enrollment, but in the current setting the enrollment option is this: https://learn.microsoft.com/en-us/azure/active-directory/user-help/user-help-join-device-on-network

    When we add the (test) user's account, the device shows up in Azure Active Directory, but we do not see it in the Endpoint Manager admin center.
    The settings were done according to this tutorial: https://learn.microsoft.com/en-us/mem/intune/enrollment/quickstart-setup-auto-enrollment and the user is part of the Intune-enabled groups.

    Any clues, why the device is not showing up, or did we miss some configuration part?

    Kind regards

    Björn

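The two situations discussed above (a VM that is only joined to an AADDS domain, and an Azure AD joined device that appears in Azure AD but not in Intune) can be told apart from the device itself with `dsregcmd /status`. The following is an added example, not code from this thread or from Microsoft: it parses that output and classifies the join state, reporting whether an MDM enrollment URL is present, which is what Intune auto-enrollment needs. The two status texts are constructed samples, and the function names are this example's own; the field names (AzureAdJoined, DomainJoined, DomainName, MdmUrl, AzureAdPrt) are the ones dsregcmd prints.

```powershell
# Added example (not code from this thread): parse `dsregcmd /status` output and classify
# a Windows device's join state. It distinguishes a VM that is only domain-joined (for
# example to an AADDS domain) from an Azure AD joined or hybrid-joined device, and reports
# whether an MDM (Intune) URL is present, which is what auto-enrollment needs.
# The two status texts below are constructed samples; the function names are this example's own.

function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string]$StatusText)
    $fields = @{}
    foreach ($line in ($StatusText -split "`r?`n")) {
        # Data lines look like "   AzureAdJoined : YES"; the +----+ and | Section | frame lines have no colon
        if ($line -match '^\s*([A-Za-z0-9 ]+?)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $fields
}

function Get-JoinAssessment {
    param([Parameter(Mandatory)][hashtable]$Fields)
    $aad    = $Fields['AzureAdJoined'] -eq 'YES'
    $domain = $Fields['DomainJoined']  -eq 'YES'
    $mdm    = -not [string]::IsNullOrEmpty($Fields['MdmUrl'])

    if ($aad -and $domain) {
        $joinType = 'HybridAzureAdJoined'
        $note = 'Hybrid joined: this needs Azure AD Connect against an on-premises AD DS; it is not available for AADDS-joined VMs.'
    } elseif ($aad) {
        $joinType = 'AzureAdJoined'
        $note = if ($mdm) { 'Azure AD joined with an MDM URL: Intune auto-enrollment can proceed.' }
                else      { 'Azure AD joined but no MDM URL: check the Intune MDM user scope and whether the signing-in user is in the scoped group.' }
    } elseif ($domain) {
        $joinType = 'DomainJoinedOnly'
        $note = 'Domain-joined only (e.g. to an AADDS domain): no Azure AD device identity, so no Intune auto-enrollment.'
    } else {
        $joinType = 'NotJoined'
        $note = 'Not joined to Azure AD or a domain.'
    }

    [pscustomobject]@{
        JoinType      = $joinType
        DomainName    = $Fields['DomainName']
        MdmConfigured = $mdm
        MdmUrl        = $Fields['MdmUrl']
        HasAzureAdPrt = $Fields['AzureAdPrt'] -eq 'YES'
        Note          = $note
    }
}

# Constructed sample 1: a VM joined only to an AADDS domain (the situation in the question)
$aaddsVmStatus = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : AADDSCONTOSO

+----------------------------------------------------------------------+
| Diagnostic Data                                                      |
+----------------------------------------------------------------------+

                AzureAdPrt : NO
'@

# Constructed sample 2: an Azure AD joined device whose tenant has an MDM URL configured
$aadJoinedStatus = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO

+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+

                TenantName : Contoso
                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc

+----------------------------------------------------------------------+
| Diagnostic Data                                                      |
+----------------------------------------------------------------------+

                AzureAdPrt : YES
'@

Get-JoinAssessment (ConvertFrom-DsregStatus $aaddsVmStatus)  | Format-List
Get-JoinAssessment (ConvertFrom-DsregStatus $aadJoinedStatus) | Format-List

# On a real machine, feed the live output in:
# Get-JoinAssessment (ConvertFrom-DsregStatus (dsregcmd /status | Out-String)) | Format-List
```

The first sample is classified as DomainJoinedOnly: the VM has a Kerberos identity in the AADDS domain but no Azure AD device identity, so there is nothing for Intune auto-enrollment to attach to, which matches the answer above. The second sample is AzureAdJoined with an MDM URL. If a device that is visible in Azure AD reports AzureAdJoined YES but an empty MdmUrl, that is the symptom of "shows up in Azure AD but not in Intune", and the MDM user scope and group membership on the auto-enrollment page are the things to recheck.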

  4. Yonathan Grunewald 1 Reputation point
    2022-07-13T09:25:23.817+00:00

    We are stuck on the same issue: can't enroll VMs to Intune, can't configure Hybrid AD join, etc.
    Seems like a needed feature to allow management of Azure ADDS-joined devices using Intune, or enabling SSSO for VMs, was overlooked.


  5. COPPIN ETIENNE 1 Reputation point
    2022-11-15T15:12:54.03+00:00

    Same request here. AADDS in place, synced with Azure AD, Azure WVD joined to AADDS, Azure Files integrated with AADDS. The customer is using a VM with SQL Express. The customer application is running inside WVD using SQL integrated authentication.

    Now the customer wants to upgrade to SQL Standard, and I advised the customer to take the Azure PaaS approach with an Azure SQL Managed Instance.
    For now only SQL authentication is working; I need to join my existing WVD to Azure AD because it's a prerequisite from https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/winauth-azuread-setup-incoming-trust-based-flow?view=azuresql to tentatively use Windows authentication again and have the same SSO experience when launching their application.

    I'm also stuck, and finally I will recommend that the customer go with a pure IaaS approach with a complete SQL Server running on a VM.