Configure Hybrid Azure AD Join (To get ready for Cloud Only!)

Рет қаралды 10,020

Жыл бұрын

Hybrid Azure AD join has only one use - to help you move to Azure AD join.
If you already have Hybrid Azure AD join configured and working via Azure AD Connect, you don’t need to watch this video.
If you don’t already have Hybrid Azure AD join (also referred to as Device Registration) configured, then this video might help you out.

Пікірлер: 20

@tharagz08 Жыл бұрын

Clean, concise video. I look forward to hearing about the ways you'd then convert this device into a cloud-only state

@theCMC Жыл бұрын

A video covering a possible option is being released today 😀

@user-ey6ny4wo4v 9 ай бұрын

Excellent, as always.

@kozemachmad5153 4 ай бұрын

Hi Sir, nice tutorial, can we do ad connect installation when on prem domain is abc and azure domain is abcd? -- different domain.

@joshvincent4059 Жыл бұрын

Would you need the computer OU synced before enabling the SCP?

@ozrahman126 9 ай бұрын

Does this method sync all devices in Active Directory?

@Hero332 Жыл бұрын

Does Microsoft provide public facing documentation? And we would love to get rid of on prem AD soon😅

@vinu85 Жыл бұрын

When I first install and then launch Azure AD Connect on server it doesn't show up the "tasks" page to configure Azure Hybrid join. It's totall absent and all other pages show up. What am I doing wrong.

@williamkass9057 Ай бұрын

If I have a user that isnt located within the Office(DOmain LAN) but has a company laptop that was joined to the on-prem domain when the laptop was setup in the past. If I migrate my infrastructure to Azure AD how am i able to get the aformentioned user endpoint to join the new AZURE AD domain with out making the user go to an office lan.

@theCMC Ай бұрын

Let me understand this a bit more… Device = Domain Joined User = Hybrid / Synchronized to Azure AD In this case, for this device, just enable Device Registration in Entra ID connect (as shown in this video). This gives the device Cloud enabled features, and costs nothing. When you rebuild the device in future, or ship a new one, make it Cloud Native (also called Cloud Only, Azure AD Joined, Entra Joined) via Autopilot.

@OldFellaDave Жыл бұрын

What's the downside of allowing Hybrid join for On-Prem devices? Thinking about utilising Microsoft Endpoint Security rather than shelling out for Sophos Intercept X Advanced for another year, but this would mean going down the route of Hybrid Azure Join and Intune as well. What are the negative impacts for On-Prem PC's and Devices - not including licensing, I have plenty of those.

@theCMC Жыл бұрын

That is a great question, and actually I cannot think of a single downside. To that end, I asked BingGPT. They said: One downside of hybrid Azure AD join is that you need to enroll your devices in a network where a Domain Controller is present. Without this connection, devices become unusable. Another downside is that you need to reconfigure your current GPOs in to Intune configurations. Thankfully, both of these arguments are lies, so even BingGPT can't think of a downside.

@theCMC Жыл бұрын

There is the question of... is Defender for Endpoint P1 an equivalent of the Sophos product, which I can't help with directly. If you would like to discuss in more detail, reach out to me on LinkedIn (www.linkedin.com/in/deanellerby/) and I'd happily dive deeper :-)

@CGRealStudios Жыл бұрын

What about using the automatic GPO enrollment?

@theCMC Жыл бұрын

Yep, you can totally do that. And probably should! This video was specifically about getting the devices into Azure AD via AAD Connect.

@ranjithkumarduraisamy4728 Жыл бұрын

Thank you for the lot of key points. Is this way works for the AVD Pools, Multi session avds?

@theCMC Жыл бұрын

@@ranjithkumarduraisamy4728 Honestly, no idea! This is specifically around user identity SSO, so I'm not sure it's related.

@ranjithkumarduraisamy4728 Жыл бұрын

Np. Thank you for your timely response. :)

@srikanths651 Жыл бұрын

Awesome Video.... Thank you so much... don't mind.... shall I know how to create custom Coplaint policy .... saying that only these specific software installed client machines should show as Complaint and all other devices Should be in Non-Complaint.. please share if any links or videos are available on this. Now we have the situation to add the specific software Systems should be in Complaint....