Hi @DINESH PANDEY,
Thanks for your post and apologies for the delayed response!
Can a cloud-only account log in to a Hybrid Azure AD Joined Machine?
Short answer: No.
Longer answer: If the machine is Hybrid Azure AD joined, a cloud-only user will not be able to join. When logging into a Hybrid Azure AD joined machine, the user should exist both on-premises and in the cloud. The user first has to get authenticated by the on-prem Domain Controller before Azure AD checks the credentials.
Users can, however, log in to Windows with their Office 365 credentials if their accounts are hybrid Azure AD joined. The user needs to have a local account to log in to the machine. One option would be to create an Active Directory account for them and soft-match it against the Azure AD user object.
Can we automate or manually delete (permanently) the O365 group from the Azure portal?
To permanently delete the soft-deleted groups, you can query Get-AzureADMSDeletedGroup.
Then you can copy the ID of the group and run the following command to delete it:
Remove-AzureADMSDeletedDirectoryObject -Id xxxx-xxx-xx
There isn't a pre-existing script that does this, but you could probably select groups by -DisplayNameStartsWith and create a custom query. https://learn.microsoft.com/en-us/powershell/module/az.resources/get-azadgroup?view=azps-8.0.0
Additional resources:
Cloud-only account on hybrid joined device?
https://learn.microsoft.com/en-us/azure/active-directory/devices/azureadjoin-plan
https://learn.microsoft.com/en-us/windows-365/enterprise/identity-authentication
-
If the answer provided was helpful to you, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.
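The hard-delete procedure in the answer above (list soft-deleted groups, pick the ones you want, remove them by ID), worked through as an added example. This is not code from the original post or from Microsoft; it uses the same AzureAD module cmdlets the answer names (Get-AzureADMSDeletedGroup and Remove-AzureADMSDeletedDirectoryObject) and assumes that module is installed and that the signed-in account holds a role allowed to permanently delete directory objects. The display-name prefix 'Project-' is an illustrative value, and the prefix filter is done client-side with Where-Object rather than with a cmdlet parameter. Because a hard delete cannot be undone with Restore-AzureADMSDeletedDirectoryObject afterwards, the function supports -WhatIf and prompts per group by default. Note that the AzureAD module has since been deprecated in favour of Microsoft Graph PowerShell, so treat this as the pattern rather than the long-term tooling.

```powershell
# Added example, not from the original answer: find soft-deleted Azure AD groups by
# display-name prefix and permanently delete them only after explicit confirmation.
# Assumes the AzureAD module is installed and the account has a role that can
# hard-delete directory objects. 'Project-' below is an illustrative prefix.

Import-Module AzureAD -ErrorAction Stop
Connect-AzureAD | Out-Null

function Get-SoftDeletedGroupsByPrefix {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Prefix
    )
    # -All $true pages through every soft-deleted group instead of the first page only.
    # The prefix match is done client-side with -like so the result is exact and predictable.
    Get-AzureADMSDeletedGroup -All $true |
        Where-Object { $_.DisplayName -like "$Prefix*" }
}

function Remove-SoftDeletedGroupsByPrefix {
    # SupportsShouldProcess gives the function -WhatIf and -Confirm; ConfirmImpact High
    # means every deletion prompts unless the caller passes -Confirm:$false.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $Prefix
    )

    $targets = @(Get-SoftDeletedGroupsByPrefix -Prefix $Prefix)
    if ($targets.Count -eq 0) {
        Write-Host "No soft-deleted groups start with '$Prefix'."
        return
    }

    # Show exactly what is about to be destroyed before touching anything. Once
    # Remove-AzureADMSDeletedDirectoryObject runs, the group is gone for good.
    $targets | Select-Object Id, DisplayName | Format-Table -AutoSize

    foreach ($g in $targets) {
        if ($PSCmdlet.ShouldProcess("$($g.DisplayName) ($($g.Id))", 'Permanently delete')) {
            Remove-AzureADMSDeletedDirectoryObject -Id $g.Id
            Write-Host "Permanently deleted $($g.DisplayName)"
        }
    }
}

# Dry run first: prints what would be removed and deletes nothing.
Remove-SoftDeletedGroupsByPrefix -Prefix 'Project-' -WhatIf

# Real run: prompts for each group. Add -Confirm:$false only for an unattended
# (for example scheduled) run, after the dry run output has been reviewed.
# Remove-SoftDeletedGroupsByPrefix -Prefix 'Project-'
```

Run the -WhatIf line first and read the table it prints; the soft-delete window exists precisely so that mistakes can be reversed, and this script removes that safety net for everything it matches.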