Forum Discussion

oryxway390
Brass Contributor
Aug 02, 2022
Solved

Intune Autopilot policies

So, when you have Hybrid Azure AD and you Autopilot the devices into your domain, do you get all the Group Policies from your domain applied to that device?


10 Replies

  • Hi oryxway390, if your Autopilot devices are AAD Join only, then they will get everything (configurations, policies, restrictions, scripts, apps, etc.) from Intune only. Whereas in the case of a Hybrid AAD Join device, it depends on the workloads:

    1. If all workloads are with SCCM, the device will get GPOs.
    2. If all workloads are with Intune, then the device is completely managed by Intune (consider using MDMWinsOverGP along with it).
    3. If you transition the device configuration workload to Intune, it will get MDM policies, but you also might have to use MDMWinsOverGP in case of a conflict in policies if you want the MDM policies to apply.
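An added example, not part of this thread or of any Microsoft tooling: a PowerShell check an admin can run on a device to see which join state it is in and whether the MDMWinsOverGP policy is present, which together tell you whether GPOs, Intune policies, or both are expected to apply. It assumes `dsregcmd /status` prints lines of the form `AzureAdJoined : YES` and `DomainJoined : YES` (it does on Windows 10/11), and it assumes the Policy CSP mirrors `ControlPolicyConflict/MDMWinsOverGP` under the `HKLM\SOFTWARE\Microsoft\PolicyManager\current\device` registry key; that path is an assumption, so adjust it if your build stores the policy elsewhere.

```powershell
# Added example (not from the thread): summarize the device join state and the
# MDMWinsOverGP policy so you know which policy source should win on conflict.

function Get-JoinState {
    # Parse dsregcmd /status for the join flags. Output lines look like
    # "  AzureAdJoined : YES" (assumed format; it is stable across Win10/11).
    $parsed = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|EnterpriseJoined)\s*:\s*(YES|NO)') {
            $parsed[$matches[1]] = ($matches[2] -eq 'YES')
        }
    }
    $aad    = [bool]$parsed['AzureAdJoined']
    $domain = [bool]$parsed['DomainJoined']

    if ($aad -and $domain) { $kind = 'Hybrid Azure AD joined' }
    elseif ($aad)          { $kind = 'Azure AD joined' }
    elseif ($domain)       { $kind = 'Domain joined only' }
    else                   { $kind = 'Not joined' }

    [pscustomobject]@{ AzureAdJoined = $aad; DomainJoined = $domain; JoinType = $kind }
}

function Get-MdmWinsOverGp {
    # Assumed registry mirror of the Policy CSP; a value of 1 means the MDM
    # policy wins when it conflicts with a GPO setting.
    $key   = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\ControlPolicyConflict'
    $value = (Get-ItemProperty -Path $key -Name MDMWinsOverGP -ErrorAction SilentlyContinue).MDMWinsOverGP
    if ($null -eq $value) { return 'Not configured' }
    if ($value -eq 1)     { return 'Enabled' }
    return 'Disabled'
}

function Get-PolicySourceSummary {
    $join    = Get-JoinState
    $mdmWins = Get-MdmWinsOverGp

    switch ($join.JoinType) {
        'Azure AD joined'        { $note = 'Intune only; no domain GPOs apply.' }
        'Domain joined only'     { $note = 'GPO only; no Intune policies apply.' }
        'Hybrid Azure AD joined' {
            if ($mdmWins -eq 'Enabled') {
                $note = 'GPO and MDM both apply; MDM wins on conflict.'
            } else {
                $note = 'GPO and MDM both apply; GPO wins on conflict until MDMWinsOverGP is enabled.'
            }
        }
        default                  { $note = 'No directory policy source detected.' }
    }

    [pscustomobject]@{
        JoinType      = $join.JoinType
        MDMWinsOverGP = $mdmWins
        Expectation   = $note
    }
}

# Usage: run in an elevated PowerShell on the enrolled device.
Get-PolicySourceSummary | Format-List
```

The `Expectation` field is the practical takeaway from this thread: on a hybrid-joined device both sources apply, and a conflicting Group Policy setting keeps winning until MDMWinsOverGP is turned on, which is why the replies above recommend either enabling it or going Azure AD joined with Intune only.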
    • oryxway
      Iron Contributor
      Ours is Hybrid AD Joined. We do not have SCCM. We use WSUS to push patches, and there are no application pushes as such as of now. We are using a VDI environment, so all access to applications is through VDI within the device.

      As of now we are going to have devices domain joined and Hybrid AAD. So, in such scenarios how is it going to work? Won't the Intune policies/configuration profiles/app pushes apply?
      • somesh_pathak
        Iron Contributor
        As you mentioned you are going to have hybrid AAD join, so it totally depends upon you how you want to manage the environment: it can be using GPO, or Config Mgr standalone, or Intune, or both. You can refer to this article for a detailed explanation:
        https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid
  • Mr_Helaas
    Iron Contributor

    Hi oryxway390,

    the short answer is yes. It is a domain joined device, so it will get the GPOs. Same as AD joined. Based on how you configure Intune, it will get policies from both sources, and this can result in conflicts or hard maintenance.

    But the main question: is hybrid join really required? Almost all GPO settings can be configured in Intune. Drive mappings can be set via Intune.

    My advice: go for Azure AD Joined and only Intune. This makes your life easier in my opinion.

    Kind regards,

    Rene

    • oryxway
      Iron Contributor
      Thank you Helaas. I think I would want to let my management know to take the Azure AD route.
      • Mr_Helaas
        Iron Contributor

        Hi oryxway,

        Happy to help. If your question is answered, please mark the topic as completed to mark an answer as the solution.

        Kind regards,

        Rene
