At Inspire 2018, we outlined how you can deploy Microsoft 365 Business for customers with on-premises Active Directory and local resources. The Windows device can be configured to be managed by Microsoft 365 Business and access on-premises resources in two ways:
Option A: Azure AD Joined Device
This is a configuration where the Windows 10 device is joined to Azure AD while Azure AD Connect is enabled. Learn more about enabling this configuration at http://aka.ms/aadj.
What are the benefits of enabling this configuration?
- Enables Single-Sign-On (SSO) to Azure AD apps and seamless access to on-premises resources even when your device is not connected to the corporate network
- Accelerates move to cloud-based infrastructure while reducing on-premises footprint
- Provides a self-service experience for joining devices from any location, e.g. workers in a remote branch office
Option B: Hybrid Azure AD Joined Device
This is a configuration where the Windows 10 device is joined to both Azure AD and on-premises AD while Azure AD Connect is enabled. Learn more about enabling this configuration at http://aka.ms/hybridaadj.
What are the benefits of enabling this configuration?
- Enables Single-Sign-On (SSO) to both on-premises and cloud resources
- Provides automatic device registration once you have configured the device option using Azure AD Connect
Guidance:
- Azure AD Joined Device configuration is the preferred path for non-domain joined devices
- Hybrid Azure AD Joined Device configuration is the preferred path for existing domain joined devices
- Always consider the Azure AD Joined Device configuration first
- Consider using both: Hybrid Azure AD Joined Device config for existing domain devices and Azure AD Joined Device config for new devices or device refresh
You can review the Inspire session on Microsoft 365 Business Deployment, where the above two options are discussed in greater detail.