Forum Discussion
oryxway
Aug 21, 2022 Iron Contributor
Intune Connector installation - Hybrid Azure AD Join
Hi, I would like to know whether the Intune Connector that needs to be installed should be installed on separate servers or on the domain controllers. Thank you
Durrante
Aug 22, 2022 Brass Contributor
Hey, it can be installed on DCs and non-DCs; however, your org may not allow installations on DCs, so best check your policies. But from a functional level, it doesn't really matter, other than that your connector must be located fairly close to your DCs so latency isn't an issue. See more: https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid#before-you-begin
oryxway390
Aug 24, 2022 Brass Contributor
Durrante Thanks, Durrante. It looks like Hybrid Azure AD join is only possible with VPN connectivity? Is that true? Without VPN, remote devices would not be joining?
So, I moved to Azure AD join and I am getting an error, and this is the error in the User Device Registration event log
Next, are there any enrollment restrictions that could be causing the problem, or conditional access?
I see that in the device settings it has around 20, and only a couple of users who have permissions to join the domain. Could this 20-device restriction be causing this issue?
Durrante
Aug 24, 2022 Brass Contributor
Yes, connectivity to your domain controllers is needed.
With your 2nd issue, I would suggest looking at your Azure AD device joining permissions and your MDM enrolment user scopes.