Azure AD User ID Dependencies for Tenant Attach

I was wondering about Tenant Attach + Azure AD User ID Dependencies. What would be the Azure AD User ID Dependencies for Tenant Attach?
 
I know from 2103 onwards, the Azure AD user discovery dependency is removed for Tenant Attach. We "just" need to enable AD User Discovery to make Tenant Attach work. 
 
Let's have a quick run-through of the very specific requirements we have in terms of user IDs or user discovery records, such as:

1. The AD domain from which users are discovered via SCCM AD Discovery must have AAD Connect configured to sync identities to Azure AD (to satisfy the hybrid identity requirement).
2. The user UPN must be the same in both AAD and AD.
3. The user must be part of the same AAD tenant that is attached to Intune.
4. The AAD User ID column must be populated with the correct value in the User_DISC table?
[Image: diagram of the tenant attach user identity dependencies. Pic credits to Microsoft]
I know that user identities being synced with Azure AD is the main requirement (that is the same for Exchange Online as well). But I thought there was a difference between the Exchange Online hybrid identity requirement and the tenant attach hybrid identity requirement.
 
So you can enable tenant attach with just a click of a button if you have a well-organized single AD forest/domain. However, if you have a very complex AD structure, it will take time to implement SCCM tenant attach. It might not even be possible for some organizations to implement tenant attach.
 
NOTE! - These are not because of Configuration Manager-related issues or limitations, but because of the additional user ID and AAD Connect sync setup needed for complex organizations.
 
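Requirement 2 above (the UPN must match in on-prem AD and Azure AD) is the one an administrator can verify before enabling tenant attach, and it is also where complex AD structures tend to fail. The script below is an added example and not part of the original post or of Configuration Manager: it is a read-only PowerShell check that joins on-prem AD users to their synced Azure AD objects by SID and reports UPN mismatches and users that were never synced. It assumes the ActiveDirectory and Microsoft.Graph.Users modules are installed and that the account running it can read users in both directories; the OU in `$SearchBase` and the report path are placeholder values.

```powershell
# Added example (not from the original post): read-only check that on-prem AD users
# discovered from one OU exist in Azure AD as synced objects with the same UPN.
# $SearchBase and $ReportPath are placeholders; replace them with your own values.
param(
    [string]$SearchBase = 'OU=Staff,DC=corp,DC=example',
    [string]$ReportPath = '.\upn-check.csv'
)

Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

# A read-only Graph scope is enough; nothing here writes to either directory.
Connect-MgGraph -Scopes 'User.Read.All' -NoWelcome

# Index every synced Azure AD user by its on-prem SID. AAD Connect populates
# onPremisesSecurityIdentifier on the cloud object, so the SID is a more reliable
# join key than the UPN we are about to validate.
$cloudBySid = @{}
Get-MgUser -All -Property Id, UserPrincipalName, OnPremisesSyncEnabled, OnPremisesSecurityIdentifier |
    Where-Object { $_.OnPremisesSyncEnabled -and $_.OnPremisesSecurityIdentifier } |
    ForEach-Object { $cloudBySid[$_.OnPremisesSecurityIdentifier] = $_ }

$results = foreach ($adUser in Get-ADUser -Filter * -SearchBase $SearchBase) {
    $cloud = $cloudBySid[$adUser.SID.Value]

    # UPN comparison is case-insensitive (-ne), which matches how UPNs are resolved.
    $status = if (-not $adUser.UserPrincipalName) { 'NoOnPremUPN' }
              elseif (-not $cloud) { 'NotSyncedToAzureAD' }
              elseif ($cloud.UserPrincipalName -ne $adUser.UserPrincipalName) { 'UPNMismatch' }
              else { 'OK' }

    [pscustomobject]@{
        SamAccountName = $adUser.SamAccountName
        OnPremUPN      = $adUser.UserPrincipalName
        AzureADUPN     = $cloud.UserPrincipalName
        Status         = $status
    }
}

$results | Export-Csv -Path $ReportPath -NoTypeInformation

# Summary per status: anything other than OK is a user whose identity cannot be
# matched between AD and Azure AD and needs attention before tenant attach.
$results | Group-Object Status | Select-Object Name, Count
```

Run it once per OU (or widen `$SearchBase` to the domain root) from a machine that has both the RSAT AD module and the Microsoft Graph SDK. The CSV lists each problem user with both UPNs side by side, which is usually enough to tell a stale AAD Connect sync scope apart from an actual UPN suffix mismatch.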