Forum Discussion

danc186
Brass Contributor
Aug 24, 2023

Best way to deploy Intune? My machines aren't hybrid AD joined yet, just registered.

Hello,

I'd like some comments on how you would deploy Intune:

On-prem environment with an AD domain controller, but with remote BYOD users also.
Azure AD Connect installed, syncing users and computers; hybrid AD join NOT configured.

Is setting up a mechanism like federation or SSO to on-prem mandatory when enabling hybrid AD join?


Is this the best way in my scenario? I see a lot of catches.

I also tested out that you can set users' machines to enroll in Intune when they sign in to MS Office.

It worked fine for me, but I saw it's optional, and from what I see users need to log off and back in to Office for it to work? Also, I guess this won't work for users using web Office..


I just want the easiest way to get them Intune managed, and I'm a little afraid of the hybrid AD join because of the catches listed in this article: https://learn.microsoft.com/en-us/azure/active-directory/devices/device-join-plan
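Before choosing between hybrid join and Entra-only join, it helps to know exactly which state each machine is in today. The following PowerShell function is an added example (not code from the thread or from Microsoft) that parses the output of the built-in `dsregcmd /status` tool and classifies the device as Entra registered, Entra (Azure AD) joined, hybrid joined, domain-joined only, or the mixed domain-joined-plus-registered state the question describes. The sample output at the bottom is constructed for offline testing; the field names (`AzureAdJoined`, `DomainJoined`, `WorkplaceJoined`, `DomainName`, `TenantName`) are the ones `dsregcmd` prints, while the state labels are this example's own naming.

```powershell
# Added example: classify a Windows device's AD / Entra join state from `dsregcmd /status`.
# Not part of the original thread. Run locally with no arguments, or pass captured output.

function Get-DeviceJoinState {
    [CmdletBinding()]
    param(
        # Raw dsregcmd output lines. Default runs the tool on the local machine.
        [string[]]$StatusText = (& dsregcmd.exe /status)
    )

    # Collect "Key : Value" lines into a hashtable. dsregcmd prints several sections
    # (Device State, User State, ...); keep the first occurrence of each key.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $key = $Matches[1]
            if (-not $fields.ContainsKey($key)) { $fields[$key] = $Matches[2] }
        }
    }

    # dsregcmd reports these flags as YES / NO.
    $aadJoined = $fields['AzureAdJoined']   -eq 'YES'   # device identity in Entra ID
    $domJoined = $fields['DomainJoined']    -eq 'YES'   # on-prem AD domain member
    $wpJoined  = $fields['WorkplaceJoined'] -eq 'YES'   # user-level "Entra registered"

    # Classification follows the join types described in Microsoft's device-join docs;
    # the label strings themselves are this example's own.
    $state =
        if ($aadJoined -and $domJoined)     { 'HybridAzureADJoined' }
        elseif ($aadJoined)                 { 'AzureADJoined' }
        elseif ($domJoined -and $wpJoined)  { 'DomainJoinedAndAzureADRegistered' } # mixed state
        elseif ($wpJoined)                  { 'AzureADRegistered' }
        elseif ($domJoined)                 { 'DomainJoinedOnly' }
        else                                { 'NotJoined' }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        JoinState       = $state
        AzureAdJoined   = $aadJoined
        DomainJoined    = $domJoined
        WorkplaceJoined = $wpJoined
        DomainName      = $fields['DomainName']
        TenantName      = $fields['TenantName']
    }
}

# Constructed sample in the shape dsregcmd prints (not real output): an AD-joined PC
# whose user has also registered it in Entra ID, i.e. the "just Registered" case.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CORP
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
           WorkplaceJoined : YES
                TenantName : Contoso (placeholder)
'@ -split '\r?\n'

# Offline check against the constructed sample; JoinState is DomainJoinedAndAzureADRegistered.
Get-DeviceJoinState -StatusText $sample | Format-List

# On a real machine, run it with no arguments (reads dsregcmd /status locally):
# Get-DeviceJoinState
```

Running this across a fleet (for example via a remote PowerShell session or a scheduled inventory script) gives a per-device picture of who is in the mixed domain-joined-plus-registered state before any Intune enrollment policy is turned on, which is the population the linked planning article's caveats apply to.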



3 Replies

  • If I was at this crossroad... just Entra managed (AADJ, not HAADJ!!!)
    With Azure AD Connect in place and syncing the users... you have the requirement for SSO to access on-prem stuff from AADJ devices (Kerberos auth).
    So my advice: take the good road and focus on using to enroll those devices into AADJ only (not domain/HAADJ). Wipe/reload.. let them enroll with Autopilot.
    •
      danc186
      Brass Contributor
      Why not HAADJ? It seems like way more complicated to wipe and reload everything.
      • It depends... as you still need to do the same later on.... moving from HAADJ to AADJ... so why not do it before you need to think of GPO vs Intune settings... moving your workloads over... what about new devices...? I assume those are definitely not going hybrid?