Forum Discussion
oryxway390
Aug 02, 2022 | Brass Contributor
Intune Autopilot policies
So, when you have Hybrid Azure AD and you Autopilot the devices into your domain, do you get all the Group Policies from your domain applied to that device?
- Aug 03, 2022
Hi oryxway390,
The short answer is yes. It is a domain-joined device, so it will get the GPOs, same as AD joined. Based on how you configure Intune, it will get policies from both sources, and this can result in conflicts or hard maintenance.
But the main question: is hybrid join really required? Almost all GPO settings can be configured in Intune. Drive mappings can be set via Intune.
My advice: go for Azure AD Joined and only Intune. This makes your life easier, in my opinion.
Kind regards,
Rene
oryxway
Aug 03, 2022 | Iron Contributor
Ours is Hybrid AD Joined. We do not have SCCM. We use WSUS to push patches, and there are no application pushes as such as of now. We are using a VDI environment, so all access to applications is through VDI within the device.
As of now we are going to have devices domain joined and Hybrid AAD. So, in such scenarios, how is it going to work? Won't the Intune policies/configuration profiles/app pushes apply?
somesh_pathak
Aug 03, 2022 | Iron Contributor
As you mentioned, you are going to have hybrid AAD join, so it totally depends on you how you want to manage the environment: it can be using GPO, or Config Mgr standalone, or Intune, or both. You can refer to this article for a detailed explanation:
https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid
- oryxway
Aug 03, 2022 | Iron Contributor
Hi Somesh,
You said that you can co-manage. Now, we do not have Configuration Manager (SCCM/CM) on-prem. But I am reading something here in one of the locations about client installation properties (PROVISIONTS). So, can we install the Configuration Manager client on this newly added device through Autopilot for co-management? Is this still through Intune or ??
- somesh_pathak
Aug 03, 2022 | Iron Contributor
Hi John,
Why Hybrid AAD Join? If you currently do not have SCCM, then why would you add it to your infra? The best option is to go for AAD join, as you can manage almost everything from Intune and still access your on-prem resources from a cloud PC.
Br/
Somesh
- oryxway390
Aug 03, 2022 | Brass Contributor
Yes, that is absolutely correct. I did not want to do it that way. But we are still way years ahead in moving to fully AAD. We have a lot of things on-prem. Also, most of the on-prem apps are being used through VDI, which is going to be accessed through these newly Autopiloted devices from the OEM.
- oryxway
Aug 03, 2022 | Iron Contributor
Well, we do not have Config Manager. So, we want to make sure that we start managing using Intune. So, when the devices are domain joined (as earlier I worked only with AAD, so this is new for me), I am not sure how having the devices on-prem and managing them through Intune works. Will the policies or configuration profiles that I create be applied to the devices on-prem? How can we not allow the GPOs to be applied (just by blocking inheritance to the OU?)
I am a little bit confused as I only worked on AAD. Sorry for my stupidity of asking this.