This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 94%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHS%3C/text%3E%3C/svg%3E)
Hello,
Hoping someone could answer.
This may look like a very vague query. requirement as below from the school:-
"Educational institute"
"Tenant with MS A1 license"
"Upgrade to MS A3"
"500 devices"
"Want to cutover AD to AAD" (make in cloud identities I have assumed)
I am assuming their devices are AD joined (remote users - students)
"Using 2 profiles - one for staff and another for teachers, controlling which network they connect to.
"Push/install software remotely"
I understand that there is no direct path to make a AD joined machine completely AAD joined and Intune managed. Has someone been able to do it?
I think auto pilot would be a way to go but that would require us to reset the devices.
Or we could just use the option to enroll this device to Intune but that would lead us to have hybrid joined.
Also, how long this might take?
Thank you
@hitender singh Thanks for posting in our Q&A.
To clarify this issue, we appreciate your help to clear something:
1.From your description, I know that the devices are in on-premises AD. So, what joined type did you want? Hybrid Azure AD joined(The devices are joined to on-premises AD and Azure AD)? Or Azure AD joined(The devices are just joined to Azure AD)?
2.If you want Hybrid Azure AD joined, autopilot enrollment and GOP enrollment could be used. However, autopilot needs to reset the devices. For GPO enrollment, we can read the following article as a reference:
https://learn.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy
3.If you want just Azure AD joined, it is needed to remove the devices from the on-premises AD. Then enroll the devices to intune.
Not sure how long it will take, these work involve many factors such as the network, the device itself and so on.
If there is anyting update, feel free to let us know.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@hitender singh I am currently standing by for further update from you and would like to know how things are going. If you have any questions or concerns on the recent information I've provided you, please don't hesitate to let me know.