Entra ID devices

Question

Dear team,

We have a scenario where there is a local AD forest, having Azure AD connect configured with the setting "Hybrid Azure AD joined" for the devices. Therefore the devices are shown in Entra ID as "Microsoft Entra hybrid joined". Is it possible to configure only a selected group of devices as "Microsoft Entra joined" ? The main reason for it is that the selected group of users need to be connected from outside the corporate local network, and there's a need to be able to control their login activity, especially being able to disable their login with immediate effect.

Is it recommended to have both types "Microsoft Entra hybrid joined" and "Microsoft Entra joined" at the same time in Azure Entra ID ?

Regards.

Answer 1

Hi Michael,

This is pretty much common across many organisations and this kind of setup allows org to configure hybrid and Entra joined devices to control and manage remote devices as per the policies and it also depends on the scenarios you have. Certainly you can have some devices Hybrid joined and some direct joined to Azure - Please check this article and you will get the exact information you are looking for - https://learn.microsoft.com/en-us/entra/identity/devices/plan-device-deployment

Hope this helps.

JS

==

Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.