I was wondering about Tenant Attach + Azure AD User ID Dependencies. What would be the Azure AD User ID Dependencies for Tenant Attach?
I know that from 2103 onwards, the Azure AD user discovery dependency is removed for Tenant Attach. We "just" need to enable AD User Discovery to make Tenant Attach work.
Let's have a quick run through the very specific requirements we have in terms of user IDs or user discovery records:
- The AD domain from which users are discovered via SCCM AD Discovery must have AAD Connect configured to sync identities to Azure AD (to satisfy the hybrid identity requirement).
- The user UPN must be the same in both AAD and AD.
- The user must be part of the same AAD tenant that is attached to Intune.
- Does the AAD User ID column in the User_DISC table have to be populated with the correct value?
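As an added example (not part of the original post), this T-SQL against the ConfigMgr site database shows how to check the last two points: it counts, per UPN suffix, the discovered users that still have no Azure AD user ID, and then lists the individual records. The view v_R_User (over User_DISC) and the columns User_Principal_Name0, Unique_User_Name0 and AADUserID0 are assumed names; verify them against your own site database before relying on the output.

```sql
-- Added example, not from the original post.
-- Assumed object names (verify in your site DB): v_R_User over User_DISC,
-- columns User_Principal_Name0, Unique_User_Name0, AADUserID0.
WITH discovered AS (
    SELECT
        u.Unique_User_Name0,
        u.User_Principal_Name0,
        u.AADUserID0,
        -- everything after the '@' in the UPN
        SUBSTRING(u.User_Principal_Name0,
                  CHARINDEX('@', u.User_Principal_Name0) + 1, 256) AS UpnSuffix
    FROM v_R_User AS u
    WHERE CHARINDEX('@', ISNULL(u.User_Principal_Name0, '')) > 0
)
-- 1) Per UPN suffix: how many discovered users have no AAD user ID yet.
--    A suffix with many missing IDs usually means that domain is not synced
--    by AAD Connect, or the UPNs differ between AD and AAD.
SELECT
    d.UpnSuffix,
    COUNT(*) AS DiscoveredUsers,
    SUM(CASE WHEN d.AADUserID0 IS NULL OR d.AADUserID0 = '' THEN 1 ELSE 0 END)
        AS MissingAadUserId
FROM discovered AS d
GROUP BY d.UpnSuffix
ORDER BY MissingAadUserId DESC, d.UpnSuffix;

-- 2) The individual user records that still need attention.
SELECT u.Unique_User_Name0, u.User_Principal_Name0
FROM v_R_User AS u
WHERE (u.AADUserID0 IS NULL OR u.AADUserID0 = '')
  AND u.User_Principal_Name0 IS NOT NULL
ORDER BY u.User_Principal_Name0;
```

Run both statements against the site database with a read-only account; rows in the second result set are the users whose AD or AAD Connect configuration needs to be fixed before Tenant Attach will match them.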
I know the main requirement is that user identities must be synced with Azure AD (the same applies to Exchange Online). But I thought there is a difference between the Exchange Online hybrid identity requirement and the Tenant Attach hybrid identity requirement.
So you can enable Tenant Attach with just a click of a button if you have a well-organized single AD forest/domain. However, if you have a very complex AD structure, it will take time to implement SCCM Tenant Attach, and for some organizations it might not even be possible.
NOTE! - This is not because of Configuration Manager-related issues or limitations, but because complex organizations need more user ID and AAD Connect sync setup work.