Autopilot & Hybrid-Joined devices: I've noticed that while Microsoft has promoted that Autopilot is definitely an option for those customers with Active Directory interested in moving to the cloud, I've also noticed Microsoft has also frequently and strongly recommended against this. My question is what are the known issues behind Microsoft's recommendation to avoid using Autopilot for hybrid-joining devices?
- Joe_Lurie, Dec 11, 2025
Microsoft
stdcsb There are a number of reasons why Entra-joined is better than hybrid-joining a device. Mainly, the device works anywhere there is an internet connection, whether in the office or out of the office, and you can enable Conditional Access, MFA, and other Zero Trust principles even without relying on an on-prem infrastructure.
To your question on what are the known issues with Hybrid-joining during Autopilot that make us recommend Entra-joined instead, there's only one main issue and that's the VPN configurations necessary to enable Hybrid-joining during Autopilot. But the reason for our recommendation isn't so much an Autopilot reason but more of a 'moving from hybrid joined to Entra-joined requires a device reset' and since Autopilot is provisioning a brand-new or resetting an existing device, this is the perfect place to take advantage of the new device being Entra-joined. And once it's Entra-joined, then you get the other benefits, such as those I listed above.