Nov 24 2018
02:26 AM
- last edited on
Jan 14 2022
05:21 PM
by
TechCommunityAP
Nov 24 2018
02:26 AM
- last edited on
Jan 14 2022
05:21 PM
by
TechCommunityAP
Nov 24 2018 02:54 AM
Nov 24 2018 03:02 AM
Feb 27 2019 05:52 AM
Feb 27 2019 06:17 AM - edited Feb 27 2019 06:18 AM
From 1607 it should work: https://docs.microsoft.com/en-us/azure/active-directory/devices/troubleshoot-hybrid-join-windows-cur...
a work or school account was added prior to the completion of the hybrid Azure AD join. In this case, the account is ignored when using the Anniversary Update version of Windows 10 (1607).
But you will still see the Azure AD registered device in Azure AD.
From 1809, it will even remove the Azure AD registered device from Azure AD and remove it in the Windows 10 Settings: https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan#review-thin...
Any existing Azure AD registered state would be automatically removed after the device is Hybrid Azure AD joined.
This is what we've seen so far during our testing. Let us know how your testing goes.
Feb 27 2019 07:03 AM
Feb 27 2019 11:35 AM
Jul 12 2019 05:13 AM
@JonasBack Just wanted to say thank you for this clarification as I am about to do this for my environment to prepare for an upgrade from O365 (with AD registered devices but not AAD Connect synced) to M365 (with hybrid join and AAD Connect synced). The documentation from Microsoft here says
If your Windows 10 domain joined devices are already Azure AD registered to your tenant, we highly recommend removing that state before enabling Hybrid Azure AD join.
without really explaining the result of not doing this. If the only consequence of this is a doubling up, that's no problem; we'll just delete the redunant ones from AAD via the Azure Portal.
Aug 14 2019 11:35 PM
@Ru We have seen strange behaviors when running a device both Azure AD registered + Hybrid Azure AD joined at the same time when it comes to Conditional Access. For example if we set a rule in Conditional Access NOT to force MFA for Hybrid Azure AD joined it will still sometimes ask for MFA if the device is both.
So I still recommend making sure you don't end up there. Only way we found effective (without manual work on every client) - make sure to update them to 1809+ before starting.
Sep 27 2019 11:09 AM
I'm trying to work through this today. I've set a GPO to set the SCP as I'm attempting a controlled setup against one machine. However, when sync the OU with the computer and the GPO is applied, the machine doesn't appear to do anything and the state of the machine doesn't change from Azure AD Registered to Hybrid Azure AD Joined. Any ideas?
Sep 28 2019 06:41 AM
Feb 07 2024 09:35 AM - edited Feb 07 2024 09:36 AM
| From 1809, it will even remove the Azure AD registered device from Azure AD
Sorry, I know this is old, but do you know how long this takes? I'm testing and my test machine now has two devices in Entra. One is "Microsoft Entra Registered" and one is "Microsoft Entra hybrid joined" and shows the registered date as "pending".
Update: they both now show a date under "Registered". It is no longer pending. This machine just has two accounts now. Will it eventually delete the "Entra registered" account automatically?
This is a Windows 11 22h2 machine.
Apr 06 2024 03:50 AM
Apr 08 2024 07:01 AM
Jun 13 2024 07:20 AM
@ScottCISz In my organization devices are azure ad registered(intune enrolled)+ domain joined .when i enable entra hybrid join it shows dual state like entra registered(intune) and entra hybrid joined.How can i make entra hybrid joined to Intune enrolled and removed the entra registered state.Around 1000 devices are their it is difficult form me to unenroll entra registered device and enroll to hybrid join and intune enroll.