Hybrid Azure AD join for Windows 2019 Servers

Mahesh Mahi 46 Reputation points
2020-06-15T13:06:12.667+00:00

Hi There,

We are upgrading our infrastructure to Windows 2019. As part of that, we are evaluating new features offered with Windows 2019/2016 and Azure, and how we can benefit by adopting them. A few questions around Hybrid Azure AD join on Windows 2019:

  1. I understand Microsoft supports hybrid Azure AD join for Server 2019. What are the real use cases where I need to consider hybrid Azure AD join for servers? Yes, we can use conditional access on hybrid devices, but we don't use servers for accessing applications. What benefits do you strongly recommend with the device being hybrid?
  2. Does Server Core 2019 support hybrid Azure AD join? Microsoft states "Server Core OS doesn't support any type of device registration." What does this mean?
    https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan
  3. Any specific requirement from server hardware to be able to join hybrid Azure AD? Like TPM, etc.

Accepted answer
  1. Shashi Shailaj 7,581 Reputation points Microsoft Employee
    2020-06-15T14:34:38.807+00:00

    Hello @Mahesh Mahi,

    The biggest benefit of hybrid Azure AD join is that it helps users through single sign-on across your cloud and on-premises resources. I will answer the rest of your questions one by one.

    • If you have a user whose work requires them to have Windows Server 2019 on their workstation and to use this member server as their primary machine, then they need SSO working on this machine if you have a hybrid environment. In this case you should go for a Hybrid Azure AD join of Windows Server 2019. Apart from that, I cannot think of a use case, because generally there is account separation in organisations, where the administrator accounts used to log on to servers are different from normal user accounts for audit and compliance purposes.
    • As you have already seen in the Hybrid Azure AD join article's unsupported scenarios section, the Server Core version of any OS is not supported. It's because there are some user-level components required for cloud single sign-on which are part of the Desktop Experience feature set and not available in the Core OS mode of operation.
    • No, there are no such requirements for server hardware, as it would depend on the user's needs: what they want and why they would like to use a Server OS as their daily desktop workstation. Generally I would imagine it is for some kind of application development specific to server components like containers/Hyper-V/Crypto or anything which is server-specific. So I would have at least 32 GB of RAM along with an AMD Ryzen 7/Intel i7 8th Gen processor. As far as I know, TPM is not required for joining a Server 2019 OS in Hybrid Azure AD mode, but there are some considerations which are listed here.

    Hope the above explanations answer your queries. If the information provided helped, please do accept this post as an answer so that it is helpful to other members of the community.

    Thank you.
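
An added example, not part of the original thread: a PowerShell check that combines the points discussed above (Server Core is unsupported; the join state and TPM protection can be read per device). It assumes the `Name : Value` layout printed by `dsregcmd /status` and the `InstallationType` registry value; the function names and the sample output are constructed for illustration.

```powershell
# Added example: function names are hypothetical, sample text is constructed.
function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    # dsregcmd /status prints "Name : Value" pairs; banner lines are skipped.
    $fields = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z]\w*)\s+:\s+(.*\S)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $fields
}

function Test-HybridJoinState {
    param(
        [Parameter(Mandatory)][string[]]$DsregLines,
        [Parameter(Mandatory)][string]$InstallationType
    )
    $s = ConvertFrom-DsregStatus -Lines $DsregLines
    $domain = $s['DomainJoined'] -eq 'YES'
    $aad    = $s['AzureAdJoined'] -eq 'YES'
    [pscustomobject]@{
        # Server Core does not support device registration (per the thread).
        ServerCore    = $InstallationType -eq 'Server Core'
        DomainJoined  = $domain
        AzureAdJoined = $aad
        # Hybrid joined = joined to on-premises AD and registered in Azure AD.
        HybridJoined  = $domain -and $aad
        TpmProtected  = $s['TpmProtected'] -eq 'YES'
    }
}

# Constructed sample of `dsregcmd /status` output (not from a real device).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : YES
              TpmProtected : NO
'@ -split "`r?`n"

Test-HybridJoinState -DsregLines $sample -InstallationType 'Server'

# On a live server, feed it real data instead of the sample:
# $type = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').InstallationType
# Test-HybridJoinState -DsregLines (dsregcmd /status) -InstallationType $type
```

For the constructed sample the result shows `HybridJoined` as True with `TpmProtected` as False and `ServerCore` as False.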

