
We have a hybrid Active Directory set up between our servers held in a DC and our Azure AD. I am currently working on the configuration of our Autopilot and Intune deployment. At the moment we deploy new laptops manually, so I am looking at our configuration to make it more of a white glove experience.

The devices will have line of sight access to a DC via a point to site VPN connection, but at the time of onboarding, they will not have line of sight access to the DC.

Am I better off just joining these devices to Azure AD rather than Hybrid joining them? I understand that as we have AAD Connect set up, devices that are Azure AD joined should be able to access all resources in our "on prem" domain, is this correct?

Or should I still try and hybrid join the devices? Will the devices pick up on prem GPO or will I need to move GPOs into Intune?

Thanks.

AngryDog
  • `at the time of onboarding, they will not have line of sight access to the DC.` The ability to perform offline domain joins has existed for over ten years, no access to domain controllers required. However, most organizations don't have the appetite for the minimal automation required. I would focus on the AAD options. – Greg Askew May 22 '23 at 15:21
  • Thanks for your reply, Greg. We certainly have the appetite for as much automation as possible. I am open to both HJAAD and AAD, whichever will work best for us and cause minimal impact to our end users. – AngryDog May 22 '23 at 15:45

1 Answer


I would evaluate your environment to evaluate the actual need of having devices Hybrid joined vs. just AAD joined. There are very few instances where an AD device object is needed for anything.

We have a hybrid domain environment and are moving all new devices to AAD joined only. All the domain services that are needed such as File Shares, Printing, etc. are all user based, not device based.

GarudaLead
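As an added example (not from the original question or answer): a PowerShell function that parses the output of `dsregcmd /status`, the built-in Windows tool, and reports whether a device is Azure AD joined, Hybrid Azure AD joined, or domain joined only, which is the kind of per-device check the answer's "evaluate the actual need" audit rests on. The field names AzureAdJoined, EnterpriseJoined and DomainJoined are dsregcmd's own; the function name, the join-state labels and the sample text are assumptions for the example.

```powershell
# Added example, not from the original post or answer: classify a Windows
# device's join state from dsregcmd /status so a fleet can be audited before
# choosing Hybrid Azure AD join vs. Azure AD join.
# AzureAdJoined, EnterpriseJoined and DomainJoined are fields dsregcmd prints;
# the function name, state labels and sample are assumed for this example.
function Get-DeviceJoinState {
    [CmdletBinding()]
    param(
        # Raw dsregcmd /status lines. When omitted, dsregcmd is run locally.
        [string[]]$StatusText
    )
    if (-not $StatusText) {
        $StatusText = & dsregcmd.exe /status
    }

    # dsregcmd prints "Key : Value" lines; collect them into a hashtable.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$') {
            $fields[$matches[1]] = $matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined']    -eq 'YES'
    $domain = $fields['DomainJoined']     -eq 'YES'
    $drs    = $fields['EnterpriseJoined'] -eq 'YES'   # on-prem DRS (AD FS) registration

    $state = if ($aad -and $domain) { 'HybridAzureADJoined' }
             elseif ($aad)          { 'AzureADJoined' }
             elseif ($domain)       { 'DomainJoinedOnly' }
             elseif ($drs)          { 'EnterpriseJoined' }
             else                   { 'NotJoined' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        JoinState    = $state
        DomainName   = $fields['DomainName']
        TenantName   = $fields['TenantName']
        DeviceId     = $fields['DeviceId']
    }
}

# Constructed sample of the relevant dsregcmd /status lines (not real output).
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CORP
'@ -split "`r?`n"

Get-DeviceJoinState -StatusText $sample
```

Run it without `-StatusText` on each machine (for example through an Intune or GPO-pushed script) and collect the JoinState column to see how many devices actually depend on an AD computer object.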