Unpacking Endpoint Management: Hybrid Azure AD Join should go away! No, it shouldn’t!
Event details
It has been an ongoing debate for the last few years. Should organizations be moving away from Hybrid Azure AD Join if they are moving to the cloud? Most experts say yes. Join the debate as Danny and Steve talk about reasons you may want to stay with Hybrid Azure AD Join. We also welcome guests Susan Taylor and Jason Sandys, who will discuss all the reasons Steve is wrong and why Azure AD (now Microsoft Entra ID) is the solution you seek.
As with every episode of Unpacking Endpoint Management, we are here to answer your questions LIVE, so post them in the Comments below early and throughout the broadcast!
34 Comments
- Char_Cheesman (Bronze Contributor)
That concludes this episode of Unpacking Endpoint Management for today. Thanks for joining!
In addition to the questions posted on this page, we also answer questions posted in reply to the event on LinkedIn and Twitter -- as well as open questions in the Microsoft 365 Community. Here is the question we answered today:
- From Tech Community -- how do you automatically disable user on aad when users not signed in 30 days on hybrid azure ad joined? - answered at around 18:00
- MrPhil_1 (Occasional Reader)
Is there any way we can automate removing a device from on-prem AD and Azure AD joining? I work with a lot of customers and this part is the most time consuming.
- BaconActual (Copper Contributor)
Off the top of my head I would say a PowerShell script to do the domain removal, local account setup, and then provisioning package. Or just reset the device and go Autopilot. In my experience there was no reason to force someone to AAD only from on prem and just move to AAD only when the device is refreshed/reimaged.
- DaneaGalbraith (Iron Contributor)
Think if you are retraining a PC Tech team. What is the equivalent of the \\C$ share? Or the logs for techs to look at for troubleshooting? Do you have some recommendations?
- bgomes007 (Copper Contributor)
What about renaming Autopilot-deployed Hybrid Azure AD Join devices since Windows Autopilot Hybrid Azure AD joined devices isn’t particularly flexible?
- Char_Cheesman (Bronze Contributor)
Thanks for participating in today's Unpacking Endpoint Management: Hybrid Azure AD Join should go away! No, it shouldn’t!! For reference, the panel covered this topic at around 52:00.
- rejohnson (Iron Contributor)
What methods are available to be aware of EntraID joined devices with on-premise AD tools? Co-management seems like one way but other infrastructure support groups can't "see" those devices as they are reliant on AD-based ITIL systems.
- Char_Cheesman (Bronze Contributor)
Thanks for participating in today's Unpacking Endpoint Management: Hybrid Azure AD Join should go away! No, it shouldn’t!! For reference, the panel covered this topic at around 47:00.
- sswank (Copper Contributor)
What is a common technical obstacle you see customers encounter when evaluating a transition to a full Azure AD environment? One obstacle I've encountered is a large, engrained Group Policy library that doesn't easily convert to configuration profiles with the conversion tool.
- Char_Cheesman (Bronze Contributor)
Thanks for participating in today's Unpacking Endpoint Management: Hybrid Azure AD Join should go away! No, it shouldn’t!! For reference, the panel covered this topic at around 44:00.
- BaconActual (Copper Contributor)
Think of moving to AAD/Entra only as an opportunity to review what GPOs you have in place and ask why you have them and if you still need them. That move is a great chance to start clean and lean.
- sswank (Copper Contributor)
I like the way you think! I am in agreement. The remaining challenge will be retooling the app-dependent ones that I am confident will be necessary...
- csaeuberlich (Copper Contributor)
Just 4 Fun.
Douglas Adams in The Salmon of Doubt.
- Anything that is in the world when you’re born is normal and ordinary and is just a natural part of the way the world works.
- Anything that’s invented between when you’re fifteen and thirty-five is new and exciting and revolutionary and you can probably get a career in it.
- Anything invented after you’re thirty-five is against the natural order of things.
- Heather_Poulsen
Community Manager
(applause) So true.
- MH_YU (Occasional Reader)
Can Intune now overwrite GPO? Which type of Intune license is required?
- BaconActual (Copper Contributor)
https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict
- dzaggiel (Copper Contributor)
We are now implementing Hybrid Azure AD Join via Autopilot. How could we know that we are now ready for Azure AD Join only?
- Char_Cheesman (Bronze Contributor)
Thanks for participating in today's Unpacking Endpoint Management: Hybrid Azure AD Join should go away! No, it shouldn’t!! For reference, the panel covered this topic at around 35:00.
- -KenD (Brass Contributor)
My recommendation: spin up a Cloud only device or W365 instance and see what's missing from your organization's usage or requirements. Typically, detours are required for Certificates, Networking (SMB, RADIUS), and Policies.
- David_S165 (Brass Contributor)
We have many programs larger than the 8GB Intune limit that we keep in Software Center for the groups that need it. If we went AzureAD (EntraID) join and not Hybrid, could we still utilize the ConfigMgr client with Software Center to still support those groups?
- BaconActual (Copper Contributor)
I do this for all my AAD/Entra joined devices now, so long as they are onsite still with the SCCM infrastructure then SCCM does all the app deployments.
- Char_Cheesman (Bronze Contributor)
Thanks for participating in today's Unpacking Endpoint Management: Hybrid Azure AD Join should go away! No, it shouldn’t!! For reference, the panel covered this topic at around 31:00.
- You can contact Intune support and get that limit raised. You can absolutely continue to use the ConfigMgr client on your devices, regardless of join type.