MDM in case of Hybrid Azure AD join

Siya Kumari 536 Reputation points
2023-12-29T03:54:34.5833333+00:00

Hello team,

I want to know how MDM works in the case of Windows 10 workstation Hybrid Azure AD join. Is it necessary to apply MDM-related GPO to the Hybrid join devices or MDM works automatically by just enabling MDM in Intune?

Thanks!


Accepted answer
  1. Akshay-MSFT 17,961 Reputation points Microsoft Employee Moderator
    2023-12-29T06:56:45.9633333+00:00

    @Siya Kumari

    Thanks to the inputs from Crystal-MSFT you have all possible ways to enroll a device to Intune. Answering your question:

    Yes, you need to deploy a GPO to have an existing hybrid AD joined device managed via Intune, or, if you have an MECM environment, you may follow "Enable co-management for existing Configuration Manager clients". Until the device is enrolled, it won't receive the policy you try to push from the MDM (Intune).


    Please "Accept the answer (Yes)" and "share your feedback". This will help us and others in the community as well.

    Thanks,

    Akshay Kaushik

    1 person found this answer helpful.

1 additional answer

  1. Crystal-MSFT 53,991 Reputation points Microsoft External Staff
    2023-12-29T05:31:01.83+00:00

    @Siya Kumari, thanks for posting in Q&A. In general, Microsoft Intune is a cloud service which manages user access to organizational resources and simplifies app and device management across your many devices.

    For Hybrid Azure AD join, if you have an on-premises Active Directory Domain Services (AD DS) environment and you want to join your AD DS domain-joined computers to Microsoft Entra ID, you can accomplish this task by doing Microsoft Entra hybrid join (Hybrid Azure AD join).

    https://learn.microsoft.com/en-us/entra/identity/devices/hybrid-join-plan

    To manage the device with Intune, we first need to enroll the device into Intune.

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-windows

    For Hybrid Azure AD joined devices, we can choose any one of the following methods:

    • GPO enrollment
    • Autopilot Hybrid Azure AD join
    • Co-management

    To do GPO enrollment, we configure auto-enrollment through a GPO in domain group policy. Here is a link with more details for your reference:

    https://learn.microsoft.com/en-us/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
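To check what both answers describe on an actual workstation (hybrid join state, whether the auto-enrollment GPO has landed, and whether an Intune enrollment exists), here is an added PowerShell check script. It is not code from the thread or from Microsoft; it assumes the registry paths and scheduled task name used by the documented GPO auto-enrollment, and it is meant to be run elevated on the Windows 10 client.

```powershell
# Added check script (assumption: run elevated on a hybrid Azure AD joined Windows 10 client).
# Registry paths / task names are those used by the "Enable automatic MDM enrollment using
# default Azure AD credentials" GPO; treat the value meanings in comments as assumptions.

function Get-HybridJoinState {
    # dsregcmd /status prints "Key : Value" lines; pick out the join and MDM fields.
    $state = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|MdmUrl)\s*:\s*(.+?)\s*$') {
            $state[$matches[1]] = $matches[2]
        }
    }
    return $state
}

function Get-AutoEnrollPolicy {
    # Policy values written by the auto-enrollment GPO (assumed: AutoEnrollMDM=1 enabled,
    # UseAADCredentialType 1 = user credential, 2 = device credential).
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
    if (-not (Test-Path $key)) { return $null }
    return Get-ItemProperty -Path $key -Name AutoEnrollMDM, UseAADCredentialType -ErrorAction SilentlyContinue
}

function Get-MdmEnrollments {
    # Each MDM enrollment is a GUID subkey under Enrollments; Intune enrollments carry a ProviderID.
    Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty $_.PSPath } |
        Where-Object { $_.ProviderID } |
        Select-Object PSChildName, ProviderID, EnrollmentState, DiscoveryServiceFullURL
}

$join   = Get-HybridJoinState
$policy = Get-AutoEnrollPolicy
$enroll = Get-MdmEnrollments
# The GPO creates this task, which performs the actual MDM enrollment attempt.
$task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\' -ErrorAction SilentlyContinue |
    Where-Object TaskName -like '*automatically enrolling in MDM from AAD*'

"Hybrid joined : $(($join.AzureAdJoined -eq 'YES') -and ($join.DomainJoined -eq 'YES'))"
"MDM URL       : $($join.MdmUrl)"
"AutoEnrollMDM : $($policy.AutoEnrollMDM)  (expect 1 once the GPO has applied)"
"Credential    : $($policy.UseAADCredentialType)  (1 = user, 2 = device)"
"Enroll task   : $(if ($task) { $task.State } else { 'not found (GPO not applied yet?)' })"
"Enrollments   : $($enroll.Count)"
$enroll | Format-Table -AutoSize
```

A device that shows hybrid joined but no policy values and no enrollment task is the "not enrolled yet" state the accepted answer refers to: Intune policy will not arrive until the GPO (or co-management) completes enrollment.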
