Devices are AD joined on-prem, how do I join them to Azure AD?

I have devices that are on-prem AD joined.

I have AAD Connect sync running but no federation or seamless sign-on.

How would I get them joined to Azure AD as well without impacting anything like GPOs or user experience etc.? End goal is to get them into Intune.

Can I keep my devices authenticated by my local on-prem domain controller and have them in Azure AD for Intune management?


4 Replies
Yes, what you need is to configure an SCP in AAD Connect and get your devices Hybrid joined. You can enable the policy in GPO for automatic enrollment in Intune as well. There are some pre-reqs involved, so please have a look at the official docs.

If I do this, will an on-prem device use the domain controller as the primary authentication mechanism and Azure AD if accessing O365? And will GPOs configured by on-prem AD remain applied?

Yes, authentication will continue against the on-prem AD. Your AD objects will sync with Entra ID, allowing you to leverage Azure cloud services. No changes will occur to your existing GPOs. I would suggest doing a targeted Hybrid join and testing the process before creating an SCP.
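The two replies above describe the moving parts (the SCP that AAD Connect writes into the configuration partition, the device's hybrid join state, and the GPO that turns on automatic Intune enrollment). The script below is an added example, not code from this thread or from Microsoft, that checks each of those from an on-prem admin workstation so a targeted pilot can be verified before and after the SCP is created. It assumes the RSAT ActiveDirectory PowerShell module is installed, that it runs elevated on a domain-joined Windows 10/11 device, and that the standard `dsregcmd /status` output and the documented MDM policy registry values are present; the helper function names are my own.

```powershell
# Added example (not from the thread): pre-flight checks for hybrid Azure AD join.
# Assumes RSAT ActiveDirectory module, elevated session on a domain-joined client.

function Get-HybridJoinScp {
    # AAD Connect writes a serviceConnectionPoint under this container in the
    # configuration partition. Its "keywords" attribute holds the tenant name and id
    # that clients use to find the tenant during device registration.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $base = "CN=Device Registration Configuration,CN=Services,$configNC"
    try {
        Get-ADObject -SearchBase $base -Filter { objectClass -eq 'serviceConnectionPoint' } `
            -Properties keywords -ErrorAction Stop |
            ForEach-Object {
                $scp = $_
                [pscustomobject]@{
                    DistinguishedName = $scp.DistinguishedName
                    TenantName = ($scp.keywords | Where-Object { $_ -like 'azureADName:*' }) -replace '^azureADName:', ''
                    TenantId   = ($scp.keywords | Where-Object { $_ -like 'azureADId:*' })   -replace '^azureADId:', ''
                }
            }
    } catch {
        # No container/SCP yet: expected before AAD Connect's device options are configured.
        Write-Warning "No SCP found under ${base}: $($_.Exception.Message)"
        $null
    }
}

function Get-DeviceJoinState {
    # dsregcmd /status prints "Key : Value" lines; keep only the fields that matter here.
    # Hybrid joined = DomainJoined YES and AzureAdJoined YES on the same device.
    $state = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|TenantName|DeviceId)\s*:\s*(.+?)\s*$') {
            $state[$matches[1]] = $matches[2]
        }
    }
    $state['HybridJoined'] = ($state['DomainJoined'] -eq 'YES' -and $state['AzureAdJoined'] -eq 'YES')
    [pscustomobject]$state
}

function Get-MdmAutoEnrollPolicy {
    # The GPO "Enable automatic MDM enrollment using default Azure AD credentials"
    # lands in this key. AutoEnrollMDM = 1 turns it on; UseAADCredentialType selects
    # the credential (1 = User Credential, the usual choice for hybrid joined devices).
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
    if (-not (Test-Path $key)) {
        return [pscustomobject]@{ Configured = $false; AutoEnrollMDM = $null; UseAADCredentialType = $null }
    }
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Configured           = $true
        AutoEnrollMDM        = $p.AutoEnrollMDM
        UseAADCredentialType = $p.UseAADCredentialType
    }
}

function Test-HybridJoinReadiness {
    # Run all three checks and summarise; nothing here changes any setting.
    $scp    = Get-HybridJoinScp
    $device = Get-DeviceJoinState
    $mdm    = Get-MdmAutoEnrollPolicy

    [pscustomobject]@{
        ScpPresent        = [bool]$scp
        ScpTenantName     = $scp.TenantName
        DomainJoined      = $device.DomainJoined
        AzureAdJoined     = $device.AzureAdJoined
        HybridJoined      = $device.HybridJoined
        # Device and SCP should point at the same tenant once registration has completed.
        TenantMatchesScp  = ($device.TenantName -and $scp.TenantName -and $device.TenantName -eq $scp.TenantName)
        MdmPolicyEnabled  = ($mdm.Configured -and $mdm.AutoEnrollMDM -eq 1)
    }
}

Test-HybridJoinReadiness | Format-List
```

Before the SCP exists the summary should show `ScpPresent: False` and `AzureAdJoined: NO` while `DomainJoined` stays `YES`, which is the baseline the last reply recommends capturing on a small pilot group; after AAD Connect's device options are configured and the pilot devices have rebooted, `HybridJoined` and `TenantMatchesScp` should flip to `True`, and `MdmPolicyEnabled` confirms the auto-enrollment GPO has applied without touching any other existing policy.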