@oryxway390 

Your description doesn't provide enough information to answer with any confidence, but here's some basic guidelines.

• If you application supports claims, you operate AD FS already and the application does not need to authorise the device, then you can most likely stick to native Azure AD joining rather than hybrid-joining;
• If your application uses Windows-integrated authentication and:
  • Requires device authentication, then you will need to adopt the hybrid domain-joining posture; or
  • Does not require device authentication, then you can still opt for an Azure AD-joined approach, but there are some additional configuration items and user-facing impacts to consider. As such, you may simply find choosing the hybrid-join model easier to navigate - you'd have to weigh up the pros and cons of each yourself;
• If your application uses local application authentication and definitely has no direct or indirect dependencies on Windows-integrated authentication (including not using device authentication), then you almost certainly can stick to Azure AD joining.

Have a read of the following single sign-on article, paying particular attention to the "prerequisites", "what you get" and "what you should know" sections:

• How SSO to on-premises resources works on Azure AD joined devices - Microsoft Entra | Microsoft Lear...

Some additional configuration and user-facing constraints around Azure AD joining are mentioned in the following article:

• Plan your Azure Active Directory join deployment - Microsoft Entra | Microsoft Learn

Cheers,

Lain