I need information if it's possible to work simultaneity on-premises Active Directory and Hybrid Azure AD Authentication framework for the endpoint ( Workstation login) ?
My requirement is to achieve , When System/Laptop is trying to login for corporate network then it should use local AD DC authentication while when same device try to login from outside network then it should authenticate with hybrid Azure AD.
What are the Authentication framework for the endpoint will work e.g. Hybrid AD with Azure AD with Duo / MFA ?
In Hybrid AAD, you always authenticate to OnPrem AD, when you’re in the network you authenticate directly to one of the DCs (whether physical/ VM or IaaS). When you authenticate from Outside, the device uses the last locally cached username and password, so in case you changed the password from AD and the device out of the network, you need to connect p2s vpn to update the pc with new password. If you want to have flexibility to login from anywhere without vpn, use AAD (Cloud only environment).
For MFA with DUO, it works with AAD or Hybrid, what do you want to use it for? 2FA for P2S vpn or regular login to Windows PCs?