Karl-WE
>>It is true that Windows LAPS can either save secrets to Entra ID (GPO says Azure AD) and local AD DS.
It is either Entra ID or local AD DS and not both.
>>The announcement of Merill reads like Entra ID is required. I understand that your and Merill's announcements focus on Windows LAPS for Entra ID, but they should differentiate that it is also possible to use it on-premises only for Windows Server and, if one wants to, also Windows Client.
The announcement focuses primarily on Entra ID support for Windows LAPS.
>>What is the preferred procedure to join Windows Server to Entra ID only or Hybrid?
>>Asking because Windows Server Core (GUI-less) doesn't offer dsregcmd, very unfortunately.
We do not support Microsoft Entra hybrid join on Windows Server Core SKU.
>>Can we bring dsregcmd to Windows Server Core for feature parity? It exists on the GUI variant.
I can follow up, but this decision was made to minimize footprint.
>>I could imagine that joining Windows Server through Azure Arc is enough to make it hybrid joined. Is it? How about Entra Only, is it possible?
Arc enabling Windows Server and Microsoft Entra hybrid join are two different things and independent of each other. You can make an Arc-enabled Windows Server (if it is domain joined) a Microsoft Entra hybrid join device, assuming it is a supported SKU. For a list of unsupported scenarios, see Plan your Microsoft Entra hybrid join deployment | Microsoft Learn
>>Does Windows LAPS work with Entra Directory Services (former Azure AD Domain Controllers)?
No, Windows LAPS is not supported with Microsoft Entra Domain Services.