@KakTak-8938, Thank you for reaching out. Yes, you can keep the machines (Windows 10) in both states, that is, joined to the local AD as well as joined to Azure AD. This type of setup is referred to as the Hybrid AAD join scenario. In this case your machine remains joined to the on-prem AD as well as to Azure AD, and here the machine join to Azure AD happens in the machine's context and not in the user's context. Hence, after your machines get joined to Azure AD, your cloud users can simply log in using their UPN and experience a whole new SSO experience.
You can refer to the following articles below for a proper deployment:
- Plan the hybrid AAD join implementation: https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan
- Controlled validation of Hybrid AAD join: https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-control
- Configure Hybrid AAD join for managed domains: https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains
- Configure Hybrid AAD join for federated domains: https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains
- First Run Experience with Hybrid AAD joined machines: https://learn.microsoft.com/en-us/azure/active-directory/devices/azuread-joined-devices-frx
Hope this helps.
Do let us know if this helps, and if there are any more queries around this, please let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.
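As an added example (not part of the original answer), the PowerShell below shows how an administrator can verify whether a Windows 10 client actually ended up in the hybrid state described above, by parsing the output of the built-in `dsregcmd /status` tool. The sample output it runs against is constructed and trimmed to the fields the check uses.

```powershell
# Added example, not from the original answer. For a Hybrid Azure AD joined device
# `dsregcmd /status` reports both DomainJoined : YES and AzureAdJoined : YES.

function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Fields are printed as "   Name : Value"; banners and separators are skipped.
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-DeviceJoinType {
    param([Parameter(Mandatory)][hashtable]$State)
    $domain = $State['DomainJoined']  -eq 'YES'
    $aad    = $State['AzureAdJoined'] -eq 'YES'
    if ($domain -and $aad) { return 'Hybrid Azure AD joined' }
    if ($aad)              { return 'Azure AD joined' }
    if ($domain)           { return 'Domain joined only (not registered with Azure AD)' }
    return 'Not joined'
}

# Constructed sample of dsregcmd /status output (only the relevant lines).
$sample = @(
    '| Device State                                                         |',
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : YES',
    '                DomainName : CORP'
)
Get-DeviceJoinType -State (ConvertFrom-DsregStatus -Lines $sample)

# On a real Windows 10 machine, run it against the live tool instead:
# Get-DeviceJoinType -State (ConvertFrom-DsregStatus -Lines (dsregcmd /status))
```

A device that reports DomainJoined : YES but AzureAdJoined : NO has not completed the hybrid join yet, which is the first thing to check before investigating the SSO experience for cloud users.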