Entra ID Hybrid Join without Entra ID Connect sync

Question

Entra ID Hybrid Join without Entra ID Connect sync

Alistair Russell 40

Hi,

We have recently taken over IT support of a customer and found the following configuration:

Users logon to devices joined to an on-premise Active Directory
The is No Entra ID Connect sync installed/configured
Most users have a corresponding cloud-only M365 account with a mailbox
Device are Entra AD Registered

We wish to Hybrid join these devices and enrol into Microsoft Intune however, I suspect the current configuration is going to cause problems. I have tested by installing the sync tool and soft-matching one of the accounts - this now shows as a synced account rather than cloud-only.

Looking for thoughts on problems with keeping the existing setup (No user sync, only devices) or soft-matching accounts which I believe would be the correct approach?

Thank you

0 comments

Answer accepted by question author

0 additional answers

Your answer

Answer 1

Marcin Policht 86,845 MVP Volunteer Moderator

Entra Connect is a prerequisite for hybrid join - as per https://learn.microsoft.com/en-us/entra/identity/devices/how-to-hybrid-join

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Alistair Russell 40 Reputation points

2024-04-11T13:30:21.2833333+00:00

Hi Marcin,

Apologies for the confusion. I am aware the Entra Connect is required to sync computer accounts for hybrid join. I am looking for feedback on whether its fine to leave the user accounts as not synced, which in my opinion is messy or simply soft-match and convert them to synced accounts. I have edited the original question to reflect this.

Thanks
Marcin Policht 86,845 Reputation points MVP Volunteer Moderator

2024-04-11T14:23:33.29+00:00

In general, you don't have to sync user objects in order to implement hybrid join.

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin
Alistair Russell 40 Reputation points

2024-04-17T09:53:07.7833333+00:00

Thank you Marcin. I agree it's not required to sync the user accounts for Hybrid Entra ID join however, I just cant see how having separate on-premise AD and Azure AD user accounts is the correct configuration. The company will have a reliance on on-premise Active Directory for a few years due to internal applications so I think we will just map the local and Azure user accounts using AD Connect tool.
Marcin Policht 86,845 Reputation points MVP Volunteer Moderator

2024-04-17T10:08:40.7833333+00:00

Agreed - this would be recommended course of action.

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Share via

Entra ID Hybrid Join without Entra ID Connect sync

0 additional answers

Your answer