This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 32%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Hi,
We have an environment with local domain controllers, some clients are added to the local domain and some are not, they are just added to the tenant. Most of them are Azure AD registered. We would like to now go all Microsoft 365 without any local domain.
How would you go forward, to have every device Azure AD Joined ?
Thanks for reply
/Andy
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 66%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
You can reimage the devices and use Autopilot to get the devices to be Azure AD Joined and enrolled into Intune. If you don't want to reimage the existing on-prem AD joined devices , you can use a GPO to enroll them into Intune.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 84%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Please understand whether Azure AD registered or Azure AD joined depends on account type not the enrollment type.
For Azure AD registered, it means devices that are Azure AD registered are typically personally owned or mobile devices, and are signed in with a personal Microsoft account or another local account.
o Windows 10
o iOS
o Android
o MacOS
For Azure AD joined, it means Devices that are Azure AD joined are owned by an organization, and are signed in with an Azure AD account belonging to that organization. They exist only in the cloud.
o Windows 10
o Windows Server 2019 Virtual Machines running in Azure (Server core is not supported)
Reference: https://learn.microsoft.com/en-us/azure/active-directory/devices/overview
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
Thanks for reply. If I use a GPO they will still be AD registered and not AD Joined ?
/Andy
To use the GPO to enroll AD joined devices, they need to be Hybrid Azure AD Joined first. A good post explaining exactly what Hybrid Azure AD Join is here https://oofhours.com/2020/05/23/digging-into-hybrid-azure-ad-join/ and to look at using GPO to enroll AD joined devices https://learn.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy