I have multiple Surface Books which are joined to Azure AD. Users sign into these devices with their Azure AD account information. On-prem AD is also configured, and AD Connect is used to sync AD to AAD.

Recently, I used AD Connect and this blog post (https://blogs.technet.microsoft.com/microscott/setting-up-windows-hello-for-business-with-intune/) to configure Windows Hello for Business with automatic Azure AD Device Registration, in order to allow for Azure Hybrid joined computers. Note, I am not using Intune, just GPOs. When joining computers to the on-prem domain, everything works exactly as expected - the computer device is automatically registered in Azure, and the machine is joined to the on-prem domain.

Now, I'm trying to find out if there is a way to get the Surface Books which are already joined to Azure AD to join to on-prem / hybrid join without having to migrate the existing user's profile. So far, the only way I have been able to move the computers to on-prem is to remove them from Azure AD by disconnecting the account, then joining to on-prem. This, of course, creates a new profile when I sign in as the original user of the device.

Any insight / help is appreciated.
Thanks, Chris. I have used that in the past as well, but an implementation advisor from Microsoft seemed to think there was a method for hybrid joining a device which was already Azure AD joined without the need to migrate any profiles.