Hybrid Azure AD Join Implementation Check

%3CLINGO-SUB%20id%3D%22lingo-sub-803044%22%20slang%3D%22en-US%22%3EHybrid%20Azure%20AD%20Join%20Implementation%20Check%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-803044%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20about%20to%20implement%20a%20Hybrid%20Azure%20AD%20Join%20on%20our%20tenant.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20created%20the%20relevant%20OU's%26nbsp%3B%20%2F%20groups%20for%20users%20%2F%20computers%20that%20I%20need%20in%20Azure%20AD%20Connect%20%2F%20Sync%3C%2FP%3E%3CP%3EThen%20run%20Azure%20AD%20Connect%20and%20configure%20for%20Hybrid%20%2F%20SCP%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20question%20is%2C%20some%20of%20the%20Windows%20devices%20are%20Azure%20AD%20Registered%20status.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EShould%20I%20un-enrol%20these%20prior%20to%20running%20the%20Azure%20AD%20Connect%20for%20Hybrid%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20other%20gotchas%20or%20tips%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EInfo%20appreciated%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-803044%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1713690%22%20slang%3D%22en-US%22%3ERe%3A%20Hybrid%20Azure%20AD%20Join%20Implementation%20Check%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1713690%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F131657%22%20target%3D%22_blank%22%3E%40Stuart%20King%3C%2FA%3E%26nbsp%3BWe%20are%20in%20the%20same%20situation.%20Did%20you%20implement%20it%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1728027%22%20slang%3D%22en-US%22%3ERe%3A%20Hybrid%20Azure%20AD%20Join%20Implementation%20Check%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1728027%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F809340%22%20target%3D%22_blank%22%3E%40DNEel%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F131657%22%20target%3D%22_blank%22%3E%40Stuart%20King%3C%2FA%3E%26nbsp%3BYou%20should%20not%20remove%20those%20Azure%20AD%20registered%20devices.%20This%20happens%20when%20a%20user%20add%20his%20work%20or%20school%20account%20towards%20his%2Fher%20device.%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20you%20enable%20Hybrid%20Azure%20AD%20Join%20the%20Azure%20AD%20registered%20devices%20should%20automatically%20be%20removed%20when%20a%20device%20become%20Hybrid%20Azure%20AD%20Joined.%3C%2FP%3E%3CP%3EWe've%20implemented%20this%20at%20multiple%20customers%20and%20didn't%20removed%20the%20Azure%20AD%20registered%20devices%20prior%20to%20enabling%20Hybrid%20Azure%20AD%20Join%3C%2FP%3E%3C%2FLINGO-BODY%3E
Regular Contributor

Hi All

 

I am about to implement a Hybrid Azure AD Join on our tenant.

 

I have created the relevant OU's  / groups for users / computers that I need in Azure AD Connect / Sync

Then run Azure AD Connect and configure for Hybrid / SCP

 

My question is, some of the Windows devices are Azure AD Registered status.

 

Should I un-enrol these prior to running the Azure AD Connect for Hybrid?

 

Any other gotchas or tips?

 

Info appreciated

2 Replies

@Stuart King We are in the same situation. Did you implement it?

@DNEel @Stuart King You should not remove those Azure AD registered devices. This happens when a user add his work or school account towards his/her device. 

When you enable Hybrid Azure AD Join the Azure AD registered devices should automatically be removed when a device become Hybrid Azure AD Joined.

We've implemented this at multiple customers and didn't removed the Azure AD registered devices prior to enabling Hybrid Azure AD Join