Forum Discussion
Help! AWS Microsoft Directory Services, Azure Active Directory, AAD Connect Hybrid Join and Intune.
That AWS restriction really doesn't help you, but it's common for managed domains.
The more control you need, the more likely it is you will need your own full domain. Have you a large user/device base? Would it be worth redoing the lot now that you are in control and have a clear vision of what you want and how you want to achieve it?
Seems like you've inherited two half completed projects!
It certainly feels that way! In their defense, a lot of these decisions were made on the fly to get things up and running. I don't think there was any thought about what the ramifications would be going down the managed AD route.
We don't have a lot of devices as we're currently just shy of about 100 users. Some of these users have two devices (a laptop or Surface and a phone). We have maybe 140 devices currently registered in Azure AD. Quite honestly, it wouldn't be a huge deal, especially given the benefits that come with having devices hybrid Azure AD joined. One of the biggest is the automatic enrollment of our endpoints, which is otherwise an incredibly cumbersome and manual process.
- luissoto, Jan 25, 2021, Copper Contributor
symm_adrian, did you get any definitive answer from AWS? We are in the same scenario as you: we have AWS Directory Services and we need to enable Hybrid Join.
- symm_adrian, Jan 25, 2021, Brass Contributor
Hey luissoto, I'm not sure what you're trying to accomplish but we managed to set up Hybrid AAD but with everything I read after this post, you should really try to just go straight to Azure AD joining. All of the group policy concerns I had can supposedly be configured via Azure AD configurations so I don't think there's an issue doing everything in Azure/Azure AD.
There are some challenges in trying to use AWS' Microsoft Managed AD as your administrative rights are restricted and they don't give access to the main Admin account to keep management of the service to a minimum. That was basically the reply I got from AWS.
- luissoto, Jan 25, 2021, Copper Contributor
Thank you for your reply.
We are trying to set up co-management and Autopilot for our company, but I also encountered the same issue as you when trying to configure Azure Hybrid Join with AWS Managed AD: we need "Enterprise Admin" permissions, but I was hoping that someone had found a workaround to this issue.
I am guessing I will need to stick to just having a CMG (Cloud Management Gateway).
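The Enterprise Admin requirement mentioned in this thread comes from where hybrid join stores its tenant pointer: a Service Connection Point (SCP) in the forest's Configuration partition, which a managed-AD tenant cannot write to. The following read-only check is an added example, not code from any poster or from AWS/Microsoft; it assumes the RSAT ActiveDirectory module is installed and a domain controller is reachable, and it reports whether the SCP already exists, which tenant it points at, and whether the calling account actually holds Enterprise Admins membership.

```powershell
# Added example: read-only readiness check for Hybrid Azure AD Join.
# Assumes the ActiveDirectory RSAT module and line of sight to a domain controller.
Import-Module ActiveDirectory

function Get-HybridJoinReadiness {
    $configNC = (Get-ADRootDSE).configurationNamingContext

    # Microsoft's manual hybrid join setup creates the SCP with this fixed object name
    # under CN=Device Registration Configuration,CN=Services in the Configuration partition.
    # A filter search returns nothing (no error) when the object is absent.
    $scp = Get-ADObject -LDAPFilter '(cn=62a0ff2e-97b9-4513-943f-0d221bd30080)' `
                        -SearchBase $configNC -SearchScope Subtree -Properties keywords

    # The SCP's keywords attribute carries the tenant name and tenant ID.
    $tenantName = ($scp.keywords | Where-Object { $_ -like 'azureADName:*' }) -replace '^azureADName:', ''
    $tenantId   = ($scp.keywords | Where-Object { $_ -like 'azureADId:*' })   -replace '^azureADId:', ''

    # Enterprise Admins is always RID 519 of the forest root domain; compare against the
    # SIDs in the caller's token rather than trusting group names or display output.
    $rootDomain = Get-ADDomain -Identity (Get-ADForest).RootDomain
    $eaSid      = "$($rootDomain.DomainSID.Value)-519"
    $tokenSids  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
                  ForEach-Object { $_.Value }

    [pscustomobject]@{
        ConfigurationNC         = $configNC
        ScpExists               = [bool]$scp
        ScpDistinguishedName    = if ($scp) { $scp.DistinguishedName } else { $null }
        TenantName              = $tenantName
        TenantId                = $tenantId
        CallerIsEnterpriseAdmin = $tokenSids -contains $eaSid
    }
}

Get-HybridJoinReadiness | Format-List
```

If ScpExists is false and CallerIsEnterpriseAdmin is false, the domain-side SCP cannot be created with that account; in a managed directory the remaining options are the ones discussed above (Azure AD join directly, or a client-side SCP registry configuration rather than the forest-wide object).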