Controlled validation of hybrid Azure AD join
Hi All
Not sure if this should be here or in the Azure AD section.
I'm looking to implement a Controlled validation of Hybrid Azure AD Join / Auto enrollment in Intune via GPO, using the MS guide below as a reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-control
My questions are:
- Do I set the GPO to my test deployment OU?
- Do I simply remove the GPO from my test deployment OU on successful testing?
Would like to hear from anyone who has implemented this
Regards
12 Replies
- Thijs Lecomte (Bronze Contributor)
From my experience, I just create registry keys and assign them to the devices.
If you are done testing, would you like to remove these devices from AAD/Intune or add all devices to AAD?
- StuartK73 (Iron Contributor)
Hi Buddy
What I would like to do is:
- Hybrid Azure AD Join my devices in my TEST / PILOT / UAT group only
- Once successful
- Apply to the whole on-premise AD domain / devices
Regards
- Thijs Lecomte (Bronze Contributor)
This is the way I do it:
- Create GPO with registry edits and apply to test OU
- If successful, delete GPO
- Assign domain wide policy through AAD connect (https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains)
BTW: best make sure all the computers are W10 1803 in order to avoid dual state (https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan#review-controlled-validation-of-hybrid-azure-ad-join)
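
The pilot steps described in this thread, as an added PowerShell example that is not part of the original posts: it builds the test-OU GPO and checks a device's `dsregcmd /status` output for hybrid join and for the dual state mentioned above. The GPO name, OU path and tenant values are placeholders; the registry key and value names are the client-side SCP settings from the linked Microsoft guide.

```powershell
# Added example. GPO name, OU path and tenant values are placeholders.
$GpoName    = 'Pilot - Hybrid AADJ client-side SCP'
$PilotOU    = 'OU=Pilot,OU=Workstations,DC=contoso,DC=com'
$TenantId   = '00000000-0000-0000-0000-000000000000'
$TenantName = 'contoso.onmicrosoft.com'
# Client-side SCP key from the Microsoft controlled-validation guide.
$ScpKey     = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD'

# Step 1: GPO with the registry edits, linked only to the test OU.
function New-PilotScpGpo {
    Import-Module GroupPolicy
    New-GPO -Name $GpoName | Out-Null
    foreach ($v in @{ TenantId = $TenantId; TenantName = $TenantName }.GetEnumerator()) {
        Set-GPRegistryValue -Name $GpoName -Key $ScpKey -ValueName $v.Key `
            -Type String -Value $v.Value | Out-Null
    }
    New-GPLink -Name $GpoName -Target $PilotOU | Out-Null
}

# Step 2: judge "successful" from dsregcmd /status lines on a pilot device.
function Get-JoinState {
    param([string[]]$DsregLines)
    $s = @{}
    foreach ($line in $DsregLines) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined|TenantId)\s*:\s*(\S+)') {
            $s[$Matches[1]] = $Matches[2]
        }
    }
    $hybrid = ($s['AzureAdJoined'] -eq 'YES') -and ($s['DomainJoined'] -eq 'YES')
    [pscustomobject]@{
        HybridJoined = $hybrid
        TenantMatch  = ($s['TenantId'] -eq $TenantId)
        # Dual state: device is hybrid joined and still Azure AD registered.
        DualState    = $hybrid -and ($s['WorkplaceJoined'] -eq 'YES')
    }
}

# Constructed sample lines in the shape of dsregcmd /status output.
$sample = @(
    '             AzureAdJoined : YES',
    '              DomainJoined : YES',
    '                  TenantId : 00000000-0000-0000-0000-000000000000',
    '           WorkplaceJoined : NO'
)
Get-JoinState -DsregLines $sample   # on a device: Get-JoinState (dsregcmd /status)

# Step 3, after the pilot succeeds: Remove-GPO -Name $GpoName
```

`New-PilotScpGpo` is only defined, not called, so the script can be run on a workstation to try the parser without touching Group Policy.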