Of course you can.. Legacy apps are always the bottleneck. When you don't have those ones. It depends on how many users you have, but I will advise you to split things up. First you can start with migrating your identity to azure ad by installing azure ad connect first If there is a on premise exchange server left --> move it to exchange online! After your email and identities are mgirated you can migrate your devices to azure ad, of course use autopilot. After your devices are migrated , migrate your devices! https://call4cloud.nl/2021/03/deliver-us-from-hybrid/
Thats good news. yes, we already have Ad sync and using Azure AD and Office 365 for exchange online, MFA, SSO, M365 groups etc. Thank you for your link, love the title. lol.
EDIT: I assume Intune is the one which will control devices in terms of GPs?
