Hi Cuetberg,
A couple of clarifying questions:
- What is the join state of the devices today (on-prem domain join, hybrid-join, or full Entra join)?
- Are the devices managed by anything today (other than MDE)?
- The devices are Domain joined.
- Other than GPOs and MDE there is no endpoint management in place.
- Jason_Sandys (Microsoft), Jan 15, 2026
The only supported path to Entra join these devices is to reset the OS or reimage the device. We don't generally recommend doing this for existing devices though and instead recommend hybrid joining them and then using group policy to enroll them into Intune. Once the device is ready for a hardware refresh or some other event necessitates a device reset or reimage, that's the time to run the device through Autopilot and have it become Entra joined (and Intune enrolled).
What's the specific driver for wanting the device(s) Entra joined?
- Cuetberg (Copper Contributor), Jan 15, 2026
I guessed as much.
What's the specific driver for wanting the device(s) Entra joined?
Device management and taking full advantage of Defender, Purview, Conditional Access, Windows Hello authentication, etc. without relying on the on-premises infrastructure. Windows client managed and configured in one space with Autopilot deployment.
While it need not be specifically Entra join, avoiding extra infrastructure and complexity to facilitate a hybrid solution would be preferable.
- Jason_Sandys (Microsoft), Jan 15, 2026
These are all worthy goals and you're definitely aligned with where we want orgs to go. Check out https://aka.ms/cloudnativeendpoints for a lot of additional info as well as "Cloud-native Windows endpoints: Begin by beginning."
There's a fair amount of additional collateral as well but these are great starting points.