Forum Discussion
Device Migration from On-prem AD to Azure AD
Our devices are currently Hybrid Azure AD Joined and I am considering moving new devices over to Azure AD joined to simplify enrolment to Windows Hello for Business and Autopilot.
The only downsides I could see are as follows:
No login scripts will run at sign in when connected to the LAN
No Group Policy control
No granular control regarding local admin rights to the local device (it is all or nothing)
Just wondering if anyone has found any other disadvantages/benefits and what motivated you to consider making the change over to Azure AD Joined?
Chris-Yue With the workforce scattered everywhere, using on-prem creds is a challenge. I am a fan of using MECM to enable co-management and then at the next cycle redeploying the machines with Azure AD only, using an Autopilot JSON file during OOBE to lock in the domain and make sure it is set up for MDM. I have found replacements within Intune for most GPO functions, and not getting constantly hung up on whether they are doing sync or async processing simplifies things, especially with them not being on-prem much at the moment.