Forum Discussion
Migration from Office 365 to Active Directory Domain
You need a local AD in order to use write-back at all..? I'm confused why this was mentioned.
The fact that the "cloud" is "constantly evolving" is the problem. The OP is asking HOW TO and you're replying with "DON'T" - I hate that more than I hate updates in the middle of the day (even though my settings say that shouldn't happen). If you don't know "how to", please don't respond. We're both just trying to get an answer to an uncommon scenario.
O365 Azure AD does not replace what the traditional AD provides. It may work fine for 10 people or less but not for 100 plus with various needs. I'm not removing the advantages of the Cloud services by having an on-prem AD. There's plenty of good reason to use an on-prem file server, not the least of which is quick access to large files. On Prem AD allows you to push out group policies for things like pre-login messages (as quaint as they are), control aspects of the Internet Browser settings and much more. These things are not available in O365 Azure AD only domains.
Users don't change or learn anything new - you should know that if you're in IT. Someone is either a power user who knows how to SharePoint or they aren't... (most aren't). This is not something you can change from an IT perspective - if you're not running the whole company there's only so much you can do to train users to do something different.
I've been moving my company to cloud managed devices using Intune and it works just fine. Since you can use all ADMX with Intune, you have the same GPO functionality and then some now. We are 180+ strong at this point, so the 10 users thing gave me a chuckle.
Also I didn't say DON'T, I asked for the scenario and recommended the approach after I had already recommended and told him how he could accomplish what they were doing. Cloud only still isn't 100% there yet, but a mostly Cloud setup is totally viable and setting yourself up now for when it is makes your future transition that much easier. But hey, if you want to keep your skills and your company old school then that's your prerogative.
- CCG-IT, Sep 03, 2019, Copper Contributor
ChrisWebbTech I think Chris is on the right track. There are certainly options to either approach but all the future development is going into the predictable recurring revenue models that cloud is giving to Microsoft, Google etc.
To clarify one item mentioned earlier, you certainly can join/register Windows 10 machines to the Azure service included as part of Office 365 Business Premium. I have done this numerous times. It does not give you all the control an on prem would but you can log in with user Office 365 accounts and do some very very basic management (recoverable BitLocker key for example). Full Intune certainly expands on your control options and as Chris said is almost in parity with on prem.
The challenge you have is planning out a path that provides a smooth migration with minimal disruptions for your business. That is probably the bigger picture over whether one control method has which bell or whistle for IT. They both provide a way to manage depending on your skill set but in the end one will be sunsetting and the other will be getting improved over time.
- Jun 19, 2019
Yeah, I was pointing out to original poster that there is some extra cost to managing via Cloud but it makes up for not needing to build out infrastructure and licensing either. You don't need an E5 but an Intune license, but I prefer EMS since the pricing is barely a dollar more per user and you get Azure AD P1 + Intune in it. Or the best license package is Microsoft 365 E3 which includes E3 + EMS + Windows 10 license.
But if you are talking out of the box, E3 or less only then yes, I would not recommend cloud only :).
- Rick_CC_IT, Jun 19, 2019, Copper Contributor
I meant this cannot be done with the Office 365 Azure AD services included - I believe you need E5 licenses for Intune but if I'm wrong about that I'd love to hear more info.
I'm still looking for good information on how best to set up a new AD (on prem) and sync with O365.
I appreciate your efforts.