Forum Discussion
Device Migration from On-prem AD to Azure AD
Hi there,
Okay, a little bit late, but this results in users getting new profiles. And this action takes a very long time (about 3 hours while changing from local AD to Azure AD). There is probably a very long error timeout.
That is not a top solution.
Researching for best practice. Perhaps with SCCM on prem support.
Our devices are currently Hybrid Azure AD Joined and I am considering moving new devices over to Azure AD joined to simplify enrolment to Windows Hello for Business and Autopilot.
The only downsides I could see are as follows:
No login scripts will run at sign in when connected to the LAN
No Group Policy control
No granular control regarding local admin rights to the local device (it is all or nothing)
Just wondering if anyone has found any other disadvantages/benefits and what motivated you to consider making the change over to Azure AD Joined?
- David Stowers, May 14, 2021, Brass Contributor
Chris-Yue With workforce scattered everywhere, using on-prem creds is a challenge. I am a fan of using MECM to enable co-management and then at the next cycle redeploy the machines with Azure AD only, using an Autopilot JSON file during OOBE to lock in the domain and make sure it is set up for MDM. I have found replacements within Intune for most GPO functions, and not getting constantly hung up on whether they are doing sync or async processing simplifies things, especially with them not being on-prem much at the moment.