I was wondering about Tenant Attach + Azure AD User ID dependencies. What would be the Azure AD User ID dependencies for Tenant Attach?
I know from 2103 onwards, the Azure AD user discovery dependency is removed for Tenant Attach. We "just" need to enable AD User Discovery to make Tenant Attach work.
- The AD domain from which users are discovered via SCCM AD Discovery must have AAD Connect configured to sync identities to Azure AD (to satisfy the hybrid identity requirement).
- The user UPN must be the same in both AAD and AD.
- The user must be part of the same AAD tenant attached to Intune.
- The AAD User ID column must be populated with the correct value in the User_DISC table?
Pic credits to Microsoft
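A way to check the dependencies listed above against exported user data before enabling tenant attach. This is an added example, not Microsoft's or the author's code: the records are constructed, and every field name (`name`, `upn`, `aad_user_id`, `object_id`, `tenant_id`) is a hypothetical stand-in rather than the real ConfigMgr or Azure AD schema. It assumes UPNs compare case-insensitively.

```python
# Added example: audit discovered users against the tenant attach dependencies
# listed in the post. Field names are hypothetical; sample data is constructed.

def normalize(upn):
    # Assumption: UPNs are compared case-insensitively, ignoring stray whitespace.
    return (upn or "").strip().lower()

def audit_users(discovered, aad_users, attached_tenant_id):
    """Return {user name: [problems]} for users that fail a listed dependency."""
    aad_by_upn = {normalize(u["upn"]): u for u in aad_users}
    findings = {}
    for user in discovered:
        problems = []
        match = aad_by_upn.get(normalize(user.get("upn")))
        aad_id = (user.get("aad_user_id") or "").lower()
        if match is None:
            problems.append("UPN not found in AAD")            # UPN must match
        elif match["tenant_id"] != attached_tenant_id:
            problems.append("AAD user is in a different tenant")
        if not aad_id:
            problems.append("AAD User ID empty")               # column not populated
        elif match is not None and aad_id != match["object_id"].lower():
            problems.append("AAD User ID does not match AAD object")
        if problems:
            findings[user["name"]] = problems
    return findings

# Constructed sample data (placeholder tenant IDs, domains and object IDs).
TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"
DISCOVERED = [
    {"name": "CONTOSO\\alice", "upn": "alice@contoso.example", "aad_user_id": "aaaa0001"},
    {"name": "CONTOSO\\bob", "upn": "bob@corp.contoso.local", "aad_user_id": None},
    {"name": "CONTOSO\\carol", "upn": "Carol@contoso.example", "aad_user_id": "aaaa0003"},
    {"name": "CONTOSO\\dave", "upn": "dave@contoso.example", "aad_user_id": "aaaa0099"},
]
AAD_USERS = [
    {"upn": "alice@contoso.example", "object_id": "aaaa0001", "tenant_id": TENANT},
    {"upn": "bob@contoso.example", "object_id": "aaaa0002", "tenant_id": TENANT},
    {"upn": "carol@contoso.example", "object_id": "aaaa0003", "tenant_id": OTHER_TENANT},
    {"upn": "dave@contoso.example", "object_id": "aaaa0004", "tenant_id": TENANT},
]

if __name__ == "__main__":
    for name, problems in audit_users(DISCOVERED, AAD_USERS, TENANT).items():
        print(f"{name}: {'; '.join(problems)}")
```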
I know that having the user identities synced with Azure AD is the main requirement (that is the same for Exchange Online as well). But I thought there is a difference between the Exchange Online hybrid identity requirement and the tenant attach hybrid identity requirement.
So you can enable tenant attach with just a click of a button if you have a well-organized single AD forest/domain. However, if you have a very complex AD structure, it will take time to implement SCCM tenant attach. It might not even be possible for some organizations to implement tenant attach.
NOTE! - These are not because of Configuration Manager-related issues or limitations but because complex organizations need more user ID and AAD Connect sync setup.