Forum Discussion
Azure AD Conditional Access - Require Domain Joined Device
Does the ‘Domain Join’ checkbox in Azure AD Conditional Access require Azure AD Domain join, or does it mean on-premises Domain Join? The attached screen shot says ‘Not Azure AD Domain Join’ but the ...
- Correct, that would be on-prem AD domain-join.
Why it's confusing is because it's possible to have on-prem AD domain-joined PCs automatically register and enroll with Azure AD.
I think they have finally updated the Grant control in the conditional access policy to make it clearer. The desired conditional access policy will only work if the device is Hybrid Azure AD joined. Meaning that the domain joined device is also Azure AD joined (not registered but joined).
I think this article would help in configuring Hybrid Azure AD joined devices.
How to configure Hybrid Azure AD Joined devices
I agree, it is more clear now.
