Forum Discussion
Intune Management for AD Joined machines
I have a couple of questions regarding Intune Management:
Question 1:
- Our organization currently has devices that are AD domain joined. We aim to streamline device management using Intune without utilizing Entra Hybrid join. Is this feasible?
Question 2:
- In case Hybrid join is mandatory, we have encountered a situation where our devices are showing as "Microsoft Entra hybrid joined" in the Entra portal.
- However, when running the Intune pre-check command "dsregcmd /status," the result for IsUserAzureAD is "NO." This might be due to differences in UPN for users in AD and Entra synced users.
- Despite this, we are able to enroll our devices with Intune.
Will this discrepancy cause issues, or is it acceptable to enroll the devices with Intune?
Thank you for your time and assistance.
1 Reply
- SebastiaanSmits (Steel Contributor)
Question 1 - it really depends. If you are able to get rid of your GPOs and, for example, AD site dependencies and perform everything with MDM configs, scripts and other controls, and you do not need your device object in AD for some functionality that your company depends on (RADIUS as an example), and you are able to find and implement the suitable alternatives, then sure, you can go Entra joined.
There are tons of great articles out there on the internet that describe the detailed considerations; here is a great example of one of those articles:
https://call4cloud.nl/2021/03/deliver-us-from-hybrid/
Question 2 - It is best to fix this. Without the AzureAdPrt you will run into problems with Conditional Access; you will not be able to use the grant type "devices must be hybrid joined":
and this: https://community.spiceworks.com/t/azure-conditional-access-hybrid-joined-devices-issue/718901
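The reply above points at two `dsregcmd /status` fields that matter for this scenario: `AzureAdPrt` (the Primary Refresh Token, which device-based Conditional Access depends on) and `IsUserAzureAD` (under the "Ngc Prerequisite Check" section, which reports NO when the signed-in AD user does not resolve to a synced Entra user, typically because of a UPN mismatch). The script below is an added example, not code from the thread or from Microsoft: it runs `dsregcmd /status` on the local machine, parses the `Key : Value` lines, and reports pass/fail for the join and PRT fields alongside the logon UPN, so the UPN discrepancy the question describes is visible in one place. It assumes a Windows 10/11 device with `dsregcmd.exe` available and an interactive domain user session; the explanatory "Why" strings and the use of the `Executing Account Name` field are my own assumptions about what is useful to show, not part of any documented check.

```powershell
# Added example (not from the thread): parse dsregcmd /status and flag the
# fields the reply says matter for hybrid join and Conditional Access.
# Assumes: Windows 10/11, dsregcmd.exe on PATH, interactive domain user logon.

function Get-DsregStatus {
    # Run dsregcmd and collect every "Key : Value" line into a hashtable.
    # Keys are taken up to the first colon so values containing colons
    # (timestamps, URLs such as AzureAdPrtAuthority) survive intact.
    $raw = & dsregcmd.exe /status
    $fields = @{}
    foreach ($line in $raw) {
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*?)\s*$') {
            $key = $matches[1].Trim()
            # Keep the first occurrence if a key name repeats across sections.
            if (-not $fields.ContainsKey($key)) { $fields[$key] = $matches[2] }
        }
    }
    return $fields
}

function Test-HybridJoinReadiness {
    param([Parameter(Mandatory)][hashtable]$Status)

    # Expected values for a healthy hybrid-joined device with a signed-in synced user.
    # The "Why" text is an assumption added for the reader, not dsregcmd output.
    $checks = @(
        @{ Name = 'DomainJoined';  Expect = 'YES'; Why = 'Device is joined to on-prem AD (prerequisite for hybrid join)' },
        @{ Name = 'AzureAdJoined'; Expect = 'YES'; Why = 'Device object is registered in Entra ID' },
        @{ Name = 'AzureAdPrt';    Expect = 'YES'; Why = 'PRT present; required for device-based Conditional Access' },
        @{ Name = 'IsUserAzureAD'; Expect = 'YES'; Why = 'Signed-in AD user resolves to a synced Entra user (UPN match)' }
    )

    $results = foreach ($c in $checks) {
        $actual = if ($Status.ContainsKey($c.Name)) { $Status[$c.Name] } else { '<missing>' }
        [pscustomobject]@{
            Check  = $c.Name
            Actual = $actual
            Pass   = ($actual -eq $c.Expect)
            Why    = $c.Why
        }
    }
    return $results
}

$status  = Get-DsregStatus
$results = Test-HybridJoinReadiness -Status $status
$results | Format-Table -AutoSize

# Show the UPN of the Windows logon session next to the account dsregcmd ran as.
# If the on-prem UPN suffix differs from the UPN of the synced Entra user,
# IsUserAzureAD is typically NO and no AzureAdPrt is issued for that user.
Write-Host ("Logon UPN (whoami /upn): {0}" -f (& whoami.exe /upn 2>$null))
if ($status.ContainsKey('Executing Account Name')) {
    # 'Executing Account Name' is assumed to be present in the Diagnostic Data section.
    Write-Host ("dsregcmd account       : {0}" -f $status['Executing Account Name'])
}

# Non-zero exit code if any check failed, so this can be used as a pre-enrollment gate.
if (@($results | Where-Object { -not $_.Pass }).Count -gt 0) { exit 1 } else { exit 0 }
```

Run it in the context of the end user (not an elevated admin prompt under a different account), because `AzureAdPrt` and `IsUserAzureAD` describe the signed-in user, not the device alone; a device can show `AzureAdJoined : YES` in both the portal and `dsregcmd` while a particular user still gets no PRT.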