Why is the join type Azure AD registered for some devices and hybrid Azure AD joined for others?

Lucas Silva 0 Reputation points
2023-04-26T11:44:41.7633333+00:00

I've turned my tenant to hybrid Azure AD joined, but after the change only some of the devices show as hybrid and some as Azure AD registered. How do I force all devices to be hybrid? I need to apply Conditional Access for registered devices, but I cannot until all the devices are hybrid.

Azure Role-based access control

1 answer

  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2023-04-28T18:29:37.6733333+00:00

    Hi @Lucas Silva, the join type of devices can vary depending on their current state and the configuration of your environment. To force all devices to be hybrid Azure AD joined, you can follow these steps:

    Ensure that you have properly configured hybrid Azure AD join for your environment. You can refer to the hybrid Azure AD join implementation plan.

    1. For devices that are currently Azure AD registered, you need to unjoin them from Azure AD, which puts them in the on-premises workgroup or new state. Then, follow the steps to join them to the on-premises domain and configure hybrid Azure AD join.
    2. For devices that are currently on-premises domain joined, you can use Azure AD Connect or AD FS to join them to Azure.
    3. For devices that are on-premises workgroup joined or new, you can use Windows Autopilot to join them to hybrid Azure AD. Otherwise, the device needs to be on-premises domain joined before hybrid Azure AD join.
    4. Make sure to configure client-side registry settings for SCP on your domain-joined computers using a Group Policy Object (GPO).

    After completing these steps, all devices should be hybrid Azure AD joined, and you can apply Conditional Access policies accordingly.

    Please note that the process of changing the device state might take some time, and you may need to wait for the devices to sync with Azure AD.

    If you still have devices that are Azure AD registered, you can use Conditional Access policies with device filters to target specific device properties. This way, you can apply policies to devices based on their attributes, such as operating system, manufacturer, or model.

    For more information on how to configure device filters in Conditional Access policies, you can refer to the Filter for devices as a condition in Conditional Access policy.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark it as "Verified" so other users can reference it.

    Thank you,

    James
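
To find which state a given machine is actually in before changing it, the following added example (not part of the original thread, and not Microsoft's code) classifies a device from the text that `dsregcmd /status` prints. It assumes the `AzureAdJoined`, `DomainJoined` and `WorkplaceJoined` fields of that output; the function name `Get-JoinState` and the sample lines are constructed for illustration.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` text.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    # Collect "Name : Value" pairs; dsregcmd left-pads the names with spaces.
    $flags = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $flags[$Matches[1]] = $Matches[2]
        }
    }

    # A missing field compares as $false, so partial output is handled.
    $aad    = $flags['AzureAdJoined']   -eq 'YES'
    $domain = $flags['DomainJoined']    -eq 'YES'
    $wpj    = $flags['WorkplaceJoined'] -eq 'YES'

    $state = if ($aad -and $domain) {
        'Hybrid Azure AD joined'
    } elseif ($aad) {
        'Azure AD joined'
    } elseif ($wpj) {
        'Azure AD registered'
    } elseif ($domain) {
        'Domain joined only (hybrid join not completed)'
    } else {
        'Workgroup / not registered'
    }

    [pscustomobject]@{
        JoinState = $state
        # Hybrid joined and registered at once: the registration is still present
        DualState = ($aad -and $domain -and $wpj)
    }
}

# Constructed sample: a domain-joined PC that a user registered earlier.
$sample = @'
             AzureAdJoined : NO
              DomainJoined : YES
           WorkplaceJoined : YES
'@ -split "`r?`n"

Get-JoinState -StatusLines $sample   # JoinState: Azure AD registered

# On a real device: Get-JoinState -StatusLines (dsregcmd /status)
```

A device reporting `Domain joined only` has not yet completed hybrid join, while one reporting `Azure AD registered` with `DomainJoined : YES` is the mixed case described in the question.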

