0 Votes
EnterpriseArchitect asked yannara answered

Best practice scenario when using full Azure AD domain?

Hi All,

I wonder what the only reason is that you are still keeping the on-premises AD?
Because based on my observation, my Windows 10 workstations can join Azure AD, and then Group Policy can be enforced using the Intune agent.

So I wonder what Azure AD cannot do that still requires us to use Hybrid Active Directory on-premises with Azure AD?

Thanks,

azure-active-directory

0 Votes
MarileeTurscak-MSFT answered MarileeTurscak-MSFT commented

There are a lot of things you can do with Azure AD, but it does have some service limits and restrictions.

As you correctly mentioned, with Azure AD Join for Windows 10, you can use Azure AD for logon authentication and conditional access as well as automatic enrollment into Intune for policy management. But Azure AD Join isn't really intended for cloud-only scenarios for the reasons mentioned here.

Things are definitely moving more in the cloud-based direction, though.


0 Votes
yannara answered

Basically, the only technical reason is some business app and/or database which requires authentication to the AD, which means it is a legacy app which cannot be published in Azure or modernized. Everything is doable with pure Intune when you think about Windows 10 customization; lack of GPOs is not the issue. In the end, you have PowerShell.
