Forum Discussion
How do computer objects synchronize to Azure AD for Windows Hello for Business?
It depends on your scenario, and if you're on a "Federated" scenario you need to use Azure DRS to get the benefit of conditional access policies and integration across Office, Intune and other Microsoft cloud services.
Azure DRS is used to register the devices and publish the necessary device certificates to clients. Once it occurs you've got the capabilities of Azure AD Conditional Access policies.
If you're working with the "Managed Domains" scenario you don't need the Azure DRS because you need to use the process of SCP within AAD Connect.
- Eli Shlomo, MVP, Nov 09, 2019
The sync rules are part of the filtering options and created by default, and it's recommended not to change these rules.
For your questions, it's based on Azure DRS and ADFS, and to make a long story short, some explanation: the registration with Azure AD is the same as with ADFS, but the client is reporting to on-premises instead of to the DRS in Azure AD. When a device receives an answer from the DRS in ADFS then the device will get a user certificate and the computer object of that specific device will be updated with the ID of this user certificate. After that, the computer object will be synced with Azure AD.
More information
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual
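Both answers above hinge on the same two on-premises artifacts: the Service Connection Point (SCP) that tells a domain-joined client which tenant to register with in the managed-domain scenario, and the computer object's userCertificate attribute, which is populated after registration and then synced by Azure AD Connect. The PowerShell below is an added verification script written for this thread; it is not code from the original posts or from Microsoft. It assumes it runs as a domain user on a domain-joined Windows 10 device, reads the SCP at the well-known GUID documented in the linked hybrid-azuread-join-manual article, inspects this machine's own computer object through ADSI (no RSAT module required), and parses the output of the built-in dsregcmd /status command. Field names such as AzureAdJoined and DomainJoined are the ones dsregcmd prints; the hashtable keys and function names are my own.

```powershell
# Added example: check the on-premises prerequisites for Hybrid Azure AD Join.
# Assumes a domain-joined Windows 10 device, run as a domain user.

# The SCP lives in the forest Configuration naming context under a fixed GUID.
$configNC = ([ADSI]"LDAP://RootDSE").configurationNamingContext
$scpPath  = "LDAP://CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$configNC"

function Get-AzureAdScp {
    # Returns a hashtable of the SCP keywords (azureADName, azureADId), or $null if absent.
    try {
        $scp = [ADSI]$scpPath
        $keywords = @($scp.keywords)
        if ($keywords.Count -eq 0) { return $null }
        $result = @{}
        foreach ($entry in $keywords) {
            # Each keyword has the form "azureADName:contoso.com" or "azureADId:<tenant guid>"
            $name, $value = $entry -split ':', 2
            $result[$name] = $value
        }
        return $result
    } catch {
        # Object not found or no read access: treat as "no SCP"
        return $null
    }
}

function Get-ComputerUserCertificateCount {
    # Counts certificates on this machine's computer object; a registered device has at least one.
    $searcher = [ADSISearcher]"(&(objectClass=computer)(sAMAccountName=$env:COMPUTERNAME`$))"
    [void]$searcher.PropertiesToLoad.Add('userCertificate')
    $entry = $searcher.FindOne()
    if (-not $entry) { return 0 }
    return $entry.Properties['usercertificate'].Count
}

function Get-DeviceRegistrationState {
    # Parses the "Name : Value" lines of dsregcmd /status into a hashtable.
    $state = @{}
    foreach ($line in (dsregcmd.exe /status)) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|DeviceId|TenantName)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

# --- Report -------------------------------------------------------------
$scp   = Get-AzureAdScp
$certs = Get-ComputerUserCertificateCount
$state = Get-DeviceRegistrationState

if ($scp) {
    Write-Host "SCP found: tenant $($scp['azureADName']) ($($scp['azureADId']))"
} else {
    Write-Host "SCP missing: managed-domain clients cannot discover the tenant; configure it via Azure AD Connect"
}

Write-Host "userCertificate entries on computer object: $certs"
Write-Host "DomainJoined : $($state['DomainJoined'])"
Write-Host "AzureAdJoined: $($state['AzureAdJoined'])"

# A device that is DomainJoined but not AzureAdJoined, with zero certificates, has not
# completed DRS registration yet; one with certificates but AzureAdJoined = NO is usually
# waiting on the next Azure AD Connect sync cycle to create the device object in the cloud.
```

Run it before and after a sync cycle: the SCP result should not change, while the certificate count and the AzureAdJoined value move from 0 / NO to 1 / YES as the registration described in the second answer completes.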