Forum Discussion
oryxway390
Aug 02, 2022 Brass Contributor
Intune Autopilot policies
So, when you have Hybrid Azure AD and you Autopilot the devices into your domain, do you get all the Group Policies from your domain applied to that device?
- Aug 03, 2022
Hi oryxway390,
The short answer is yes. It is a domain-joined device, so it will get the GPOs, same as AD joined. Based on how you configure Intune, it will get policies from both sources, and this can result in conflicts or hard maintenance.
But the main question: is hybrid join really required? Almost all GPO settings can be configured in Intune. Drive mappings can be set via Intune.
My advice: go for Azure AD Joined and only Intune. This makes your life easier, in my opinion.
Kind regards,
Rene
somesh_pathak
Aug 03, 2022 Iron Contributor
Hi oryxway390, if your Autopilot devices are AAD Join only, then they will get everything (configurations, policies, restrictions, scripts, apps, etc.) from Intune only. Whereas in the case of a Hybrid AAD Join device, it depends on the workloads:
- If all workloads are with SCCM, the device will get GPOs.
- If all workloads are with Intune, then the device is completely managed by Intune (consider using MDMWinsOverGP along with it).
- If you transition the device configuration workload to Intune, it will get MDM policies, but you also might have to use MDMWinsOverGP in case of conflict in policies if you want to use MDM policies.
- oryxway
Aug 03, 2022 Iron Contributor
Ours is Hybrid AD Joined. We do not have SCCM. We use WSUS to push patches, and there are no application pushes as such as of now. We are using a VDI environment, so all access to applications is through VDI within the device.
As of now we are going to have devices domain joined and Hybrid AAD. So, in such scenarios, how is it going to work? Won't the Intune policies/configuration profiles/app push apply?
- somesh_pathak
Aug 03, 2022 Iron Contributor
As you mentioned, you are going to have hybrid AAD join, so it totally depends on you how you want to manage the environment: it can be using GPO, or Config Mgr standalone, or Intune, or both. You can refer to this article for a detailed explanation:
https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid
- oryxway
Aug 03, 2022 Iron Contributor
Hi Somesh,
You said that you can co-manage. Now, we do not have Configuration Manager (SCCM/CM) On Prem. But I am reading something here in one of the locations about client installation properties (PROVISIONTS). So, can we install the Configuration Manager client on this newly added device through Autopilot for co-management? Is this still through Intune or ??