Forum Discussion
Intune - Entra ID Join vs Entra ID Hybrid Join
We faced the same challenge. We have multiple locations worldwide and migrated all computers to a domain via AutoPilot and Hybrid Join.
The reason we didn't opt for an Azure AD Join is that we have many on-premises applications requiring local authentication, such as file servers, web apps via SSO or User certificate authentication, or applications via SSO/LDAP SSO. Additionally, we have many GPOs that aren't fully translatable into Intune.
To do this, we have deployed domain controllers in Azure in different regions: America, Europe and Asia. We have set up a point-to-site VPN with certificate authentication for the Always On VPN. I always say that a hybrid join is still the best option when employees often need local resources that require seamless authentication, such as in warehouse or production environments. If many applications require local authentication, or if we also have applications where the computer account needs permissions on local file servers etc., then a hybrid join is to be preferred.
But if you have small offices that mainly do their own thing, or use terminal server solutions like AVD or cloud applications, it's fine to just connect to Azure.