Hybrid Azure Join

Copper Contributor

Hello everyone,

 

we want to use the Hybrid Azure Join

Now my question is, can we use Cloud GPO's (CSP/ADMX) AND On Prem GPO's?

So for example, can I roll out printers via local GPO and software, onedrive settings via Intune from the cloud?

 

Unfortunately I can't find any information here, if Google is not my friend today

 

Best Regards,

 

Phil

3 Replies
Yes, Windows 10 has the possibility to be member of a on-prem active directory domain and MDM managed with Endpoint Manager. In Windows 10, version 1709 or later, when the same policy is configured in GP and MDM, the GP policy wins (GP policy takes precedence over MDM). Since Windows 10, version 1803, a new setting allows you to change the policy conflict winner to MDM. In order to add some stability to conflicting scenarios you should configure the CSP policy called ControlPolicyConflict/MDMWinsOverGP.
thanks.
So that means, i can use the Autopilot feature. But i must be in my Company Netzwork for the Domain Join?
After the Domain Join, i can set Policys in Intune and can use my old GPO´s to manage my Computers?

@RauschNauti 

 

Yes. You can perform a user-driven Hybrid Azure AD Join deployment over the internet, using a VPN connection. Otherwise the device need network connection to domain controller for domain join. After domain join the PCs can get GPOs from on-premise and device configuration policies from endpoint manager (Intune).