Forum Discussion
xxxxx1155
May 25, 2021 | Copper Contributor
Convert Azure Registered AD Registered To Azure AD Joined
Hi, Currently I'm in the process of configuring Azure / Intune for user and device management. I've been comparing the different models and it seems to be between Hybrid AD Joined and Azure AD Jo...
xxxxx1155
May 26, 2021 | Copper Contributor
Hi,
Thanks for your response. I've gone through the Microsoft documentation detailing this but that isn't the best option when your workforce is already deployed and joined to a local domain.
If there is a local account on the device and your users are logged in, I've found you can unjoin the device from local AD and then rejoin the device to Azure AD. You'll then be asked to switch accounts, and you can log in with your corporate email address.
Users will be prompted by Windows Hello at this stage and asked to set up and log in with a PIN. Once the device is locked, they can choose to log in with either their password or PIN.
You can disable Windows Hello for Business through GP or MDM.
Microsoft Documentation: https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join
I'm not sure why this isn't listed as a method/scenario in the documentation, but it seems to work just fine. If anyone has any thoughts on why not to unjoin from the domain and have the user rejoin through Azure AD in Windows Settings, please let me know.
somaji
Aug 29, 2022 | Brass Contributor
I would recommend you implement a remote control solution, LogMeIn or GoToAssist (or equivalent), and set up a local administrator account; this is necessary to continue to disjoin the workstation from the Windows AD, and again when adding the workstation to Azure AD.
If you have implemented Group Policies, be aware of conflicts if you plan to use MEM to manage the workstation configuration or deploy software through Intune. Anti-virus may be a hurdle you may need to cross as well.
As a result, we decided to wipe and fresh deploy one of our projects. Group policies were created and in play since Windows 2003.
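Before and after the unjoin/rejoin described in this thread, it helps to confirm which join state a device is actually in (hybrid, Azure AD joined, Azure AD registered, or domain only) and that an enabled local administrator exists, as somaji recommends. The script below is an added example, not code from the thread or from Microsoft; it assumes Windows 10/11 with PowerShell 5.1, `dsregcmd.exe` and the built-in LocalAccounts module, run from an elevated prompt.

```powershell
# Added example: classify the device join state from `dsregcmd /status`
# and check that a usable local administrator exists before unjoining.

function Get-DeviceJoinState {
    # dsregcmd prints "Key : Value" lines; collect them into a hashtable.
    $state = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*(\S+)\s*:\s*(.+?)\s*$') {
            $state[$matches[1]] = $matches[2]
        }
    }
    $aad    = $state['AzureAdJoined']   -eq 'YES'   # Device State section
    $domain = $state['DomainJoined']    -eq 'YES'   # Device State section
    $wpj    = $state['WorkplaceJoined'] -eq 'YES'   # User State, per signed-in user

    $kind = if ($aad -and $domain)         { 'Hybrid Azure AD joined' }
            elseif ($aad)                  { 'Azure AD joined' }
            elseif ($domain -and $wpj)     { 'Domain joined + Azure AD registered' }
            elseif ($wpj)                  { 'Azure AD registered (workgroup)' }
            elseif ($domain)               { 'Domain joined only' }
            else                           { 'Workgroup, not registered' }

    [pscustomobject]@{
        JoinType   = $kind
        DomainName = $state['DomainName']
        TenantName = $state['TenantName']
        DeviceId   = $state['DeviceId']
    }
}

function Test-LocalAdminPresent {
    # Once the machine leaves the domain, domain credentials stop working,
    # so an *enabled* local account in Administrators must exist first.
    $enabledLocal = (Get-LocalUser | Where-Object Enabled).Name
    $localAdmins  = Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.PrincipalSource -eq 'Local' }
    $usable = $localAdmins | Where-Object { ($_.Name -split '\\')[-1] -in $enabledLocal }
    return [bool]$usable
}

$join = Get-DeviceJoinState
$join | Format-List
if (-not (Test-LocalAdminPresent)) {
    Write-Warning 'No enabled local administrator found; create one before unjoining.'
}
```

Run `Get-DeviceJoinState` again after the rejoin; the expected end state for this thread's procedure is `JoinType = Azure AD joined` with `DomainName` empty.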