Hybrid Azure AD joined devices: benefits and caveats?

EnterpriseArchitect 4,826 Reputation points
2022-05-29T12:49:35.873+00:00

People,

I'm using Hybrid Azure AD sync from my on-premises AD DS and also an Exchange Server for the hybrid setup (no more on-premises mailboxes).

What are the benefits and the caveats of performing Hybrid Azure AD Join https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid?

My goal here is to eliminate the on-premises Active Directory domain controller, so nothing is synced from on-premises to Azure AD.

However, I still have multiple Group Policies and also custom-built apps that rely on LDAP or Active Directory.

Thanks in advance.

Appendix: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/to-aad-join-or-not-that-is-the-question/ba-p/3435768


Accepted answer
  1. Carlos Solís Salazar 16,696 Reputation points MVP
    2022-05-29T20:48:56.947+00:00

    Hi @EnterpriseArchitect

    Thank you for asking this question on the **Microsoft Q&A Platform.**

    One of the advantages of having Azure AD Connect is that your users only need to know one password (the same password for Windows and Microsoft 365).

    You said:

    However, I still have multiple Group Policies and also custom-built apps that rely on LDAP or Active Directory.

    This is another reason not to abandon Azure AD Connect.

    And responding to your main question, I don't see too many caveats. In my experience, a great benefit is that you can administer some device functions from your Azure AD.

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Accept Answer and Upvote if any of the above helped; this thread can help others in the community looking for remediation for similar issues.
    NOTE: To answer you as quickly as possible, please mention me in your reply.



1 additional answer

  1. Limitless Technology 39,391 Reputation points
    2022-06-06T07:49:17.287+00:00

    Hi there,

    The hybrid approach is where the device first gets enrolled in Intune during the Autopilot process to receive the ODJ blob to complete the "domain join" process.

    After which, it waits for AAD Connect to sync the on-prem device object to Azure AD, resulting in the creation of the 2nd device object with join state as Hybrid Azure AD joined.

    The main advantage of this approach is the flexibility to "keep control" over the endpoints using existing Group Policies while also taking advantage of MDM.


    --If the reply is helpful, please Upvote and Accept it as an answer--

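Both answers describe the hybrid join state (domain joined on-prem, device object synced to Azure AD) without showing how to verify it. The following PowerShell is an added example written for this page; it is not code from the thread, from Microsoft or from any of the posters. It parses the output of `dsregcmd /status` (a built-in Windows tool) to classify the device's join type, then cross-checks the device object in the tenant with the Microsoft Graph PowerShell SDK, where a hybrid joined device carries `trustType` of `ServerAd`. It assumes the Microsoft.Graph module is installed and that the signed-in account can consent to `Device.Read.All`; the function name `Get-DsregJoinState` and the 90-day staleness window are this example's own choices.

```powershell
# Added example (not from the Q&A thread): verify a Windows device's hybrid join
# state from dsregcmd output and look up its Microsoft Entra ID device object.
# Assumptions: Windows 10/11, Microsoft.Graph PowerShell SDK installed,
# Device.Read.All consent available to the signed-in account.

function Get-DsregJoinState {
    param(
        # Lines of `dsregcmd /status` output. Passing lines in (rather than
        # running the tool inside the function) lets you parse a saved report.
        [Parameter(Mandatory)][string[]] $StatusLines
    )
    $state = @{}
    foreach ($line in $StatusLines) {
        # dsregcmd prints "Key : Value" rows, e.g. "    AzureAdJoined : YES"
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $azure  = $state['AzureAdJoined'] -eq 'YES'
    $domain = $state['DomainJoined']  -eq 'YES'
    # Hybrid = both. Domain joined with AzureAdJoined : NO usually means the
    # automatic registration has not completed yet (or the object is not synced).
    $joinType = if ($azure -and $domain) { 'HybridAzureAdJoined' }
                elseif ($azure)          { 'AzureAdJoined' }
                elseif ($domain)         { 'DomainJoinedOnly' }
                else                     { 'NotJoined' }
    [pscustomobject]@{
        JoinType   = $joinType
        DeviceId   = $state['DeviceId']
        TenantId   = $state['TenantId']
        TenantName = $state['TenantName']
        # Without a Primary Refresh Token the user gets no SSO to cloud apps,
        # even if the device object exists in the tenant.
        HasPrt     = $state['AzureAdPrt'] -eq 'YES'
    }
}

# 1. Local check on the device under test.
$live = Get-DsregJoinState -StatusLines (dsregcmd /status)
$live | Format-List

# 2. Cross-check the tenant-side object. trustType values:
#    'ServerAd' = Hybrid Azure AD joined, 'AzureAd' = Azure AD joined,
#    'Workplace' = Azure AD registered.
Connect-MgGraph -Scopes 'Device.Read.All'
if ($live.DeviceId) {
    Get-MgDevice -Filter "deviceId eq '$($live.DeviceId)'" |
        Select-Object DisplayName, DeviceId, TrustType, ApproximateLastSignInDateTime
}

# 3. Sweep for stale hybrid joined objects (no sign-in for 90 days, an assumed
#    threshold). These accumulate when machines are re-imaged and the old
#    on-prem computer object is never cleaned up and unsynced.
$cutoff = (Get-Date).AddDays(-90)
Get-MgDevice -Filter "trustType eq 'ServerAd'" -All |
    Where-Object { $_.ApproximateLastSignInDateTime -and $_.ApproximateLastSignInDateTime -lt $cutoff } |
    Select-Object DisplayName, DeviceId, ApproximateLastSignInDateTime |
    Sort-Object ApproximateLastSignInDateTime
```

Run step 1 as the signed-in user on the endpoint, since `dsregcmd /status` reports the PRT state for the current session; the Graph steps can run from any admin workstation. A device that reports `DomainJoinedOnly` locally but has no `ServerAd` object in the tenant is the "waiting for AAD Connect to sync" state the second answer describes, and is the first thing to check before troubleshooting Conditional Access or Intune enrollment.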