![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 2%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJC%3C/text%3E%3C/svg%3E)
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,193 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Thank you for posting this in Microsoft Q&A.
As I understand you want to know the impact on user's if you set up hybrid Entra join for user devices.
Since you already have hybrid environment it means that users are already synced to Entra ID and they are currently accessing there Entra resources.
If you do a device hybrid Entra ID join, there is no impact on users. User's will be able to utilize the Single Sign-on capability.
Apart from that as per your requirement, you will be able to configure conditional access policies devices.
If the device failed to Hybrid Entra ID join, then users will still be able to login to the device because while logging in to device users will use there on-premises credentials.
Only single sign-on will fail for Entra ID resources. Or if you have set up any conditional access policy for any Entra resource, then even that will fail.
Apart from this there is no other impact if Hybrid Entra ID join fails.
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.