Hybrid AD Join - different domain?

Question

We have computers that have to be joined to an on-prem AD and they sign into computers with on-prem AD account.
However we want them to use Azure AD/M365 accounts to login to Office app and office on the web.
Can their computers still be AD joined as well as Azure AD joined if they are using two different identities? Would they still be able to sign into the computer using their local AD and device still be managed by AAD/InTune?

Answer 1

Yes, its very much possible using Azure Hybrid AD join capabilities. In this process , on-prem creds/devices will be synced to Azure AD using Azure AD connect.

There are certain pre-req and plan needs to be in place for Implementing Hybrid AD.

Refer this detailed articled on how to steps : https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains

Note - Endpoints should have live connection with DC at the time of Hyrid AD join process, else it will fail.

Answer 2

@John Q , Agree with Dev073, For Hybrid Azure AD join device, the login account can still be on-premise AD account. We can configure hybrid Azure Active Directory join for managed domains or federated domains according your requirement.

After that, we can enroll these devices into Intune via GPO. Here is a link for the reference:
https://learn.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

Hope it can help.

---

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.