Cloud-only account on hybrid joined device?

Question

Hello everyone,
we are planning to use hybrid joined devices (AD & AAD) in future as one step (of many) to a cloud-only approach.

What we are currently wondering (because it's not working in the lab environment):
Can a cloud-only user logon to a hybrid joined computer? Currently in our test environment it's not working. The company want's to have the On-Premise AD User Accounts removed in near future and use cloud-only accounts.

Thanks in advance

Answer 1

@Vexxer_5 , If the machine is Hybrid AAD joined, a cloud only user wont be able to join, as while you login to a Hybrid AAD join machine, usually the user is present in both the on-prem and the cloud and only that user can login, because while logging into a Domain joined machine, the user first has to get authenticated by the on-prem Domain Controller before AAD checks the credentials.

Second option is to go ahead with Azure AD Joined machine.

Ref: https://learn.microsoft.com/en-us/azure/active-directory/devices/azureadjoin-plan

---------------------------------------------------------------------------------------------------------------------------------------

Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

Answer 2

Found this thread while stumbling upon the following cloud only documentation. Thought it might help someone who finds this thread first.

Answer 3

If in the future the plan is to completely move from On-Prem to AAD, then refer this article. Then, gradually decommission On-Prem AD DC's.

Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!