Forum Discussion
Azure AD Conditional Access - Require Domain Joined Device
- Jul 18, 2017
Correct, that would be on-prem AD domain-join.
Why it's confusing is because it's possible to have on-prem AD domain-joined PCs automatically register and enroll with Azure AD.
I think they have finally updated the Grant control in the conditional access policy to make it clearer. The desired conditional access policy will only work if the device is Hybrid Azure AD joined, meaning that the domain-joined device is also Azure AD joined (not registered but joined).
I think this article would help in configuring Hybrid Azure AD joined devices.
How to configure Hybrid Azure AD Joined devices
- Joe Stocker | Nov 17, 2017 | Bronze Contributor
I agree, it is more clear now.
- John Matrix | Apr 24, 2018 | Brass Contributor
Has anyone tried the Hybrid domain join implementation? Any negative experiences? Advantages?
- Joe Stocker | Apr 25, 2018 | Bronze Contributor
I've deployed it at a few different companies, and it has gone pretty well.
- Christopher DelaTorre | Apr 25, 2018 | Copper Contributor
Ever since we enabled hybrid for our company-issued computers, it's been working really well for us. This is very useful, especially when you exempt Hybrid Azure AD joined devices from your Conditional Access Policy in Intune MDM/Azure AD.