MaheshMahi-7462 asked

Hybrid Azure AD join for Windows 2019 Servers

Hi There,

We are upgrading our infrastructure to Windows 2019. As part of that, we are evaluating new features offered with Windows 2019/2016 and Azure, and how we can benefit by adopting them. A few questions around hybrid Azure AD join for Windows 2019.

  1. I understand Microsoft supports hybrid Azure AD join for Server 2019. What are the real use cases where I need to consider hybrid Azure AD join for servers? Yes, we can use Conditional Access on hybrid devices, but we don't use servers for accessing applications. What benefits do you strongly recommend with the device being hybrid?

  2. Does Server Core 2019 support hybrid Azure AD join? Microsoft states "Server Core OS doesn't support any type of device registration." What does this mean?
    https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan

  3. Any specific requirements from server hardware to be able to join hybrid Azure AD? Like TPM, etc.

azure-ad-hybrid-identity

1 Answer

ShashiShailaj-MSFT answered

Hello @MaheshMahi-7462,

The biggest benefit of hybrid Azure AD join is that it helps users through single sign-on across your cloud and on-premises resources. I will answer the rest of your questions one by one.

  • If you have a user whose work requires them to have Windows Server 2019 on their workstation and to use this member server as their primary machine, then they need SSO working on this machine if you have a hybrid environment. In this case you should go for a hybrid Azure AD join of Windows Server 2019. Apart from that, I cannot think of a use case, because generally there is account separation in organisations, where the administrator accounts used to log on to servers are different from normal user accounts for audit and compliance purposes.

  • As you have already seen in the unsupported scenarios section of the hybrid Azure AD join article, the Server Core version of any OS is not supported. It's because there are some user-level components required for cloud single sign-on which are part of the Desktop Experience feature set and not available in the Core OS mode of operation.

  • No, there are no such requirements for server hardware, as it would depend on the user's need as to what they want and why they would like to use a Server OS as their daily desktop workstation. Generally, I would imagine it is for some kind of application development specific to server components like containers/Hyper-V/Crypto or anything which is server-specific. So I would have at least 32 GB of RAM along with an AMD Ryzen 7/Intel i7 8th Gen processor. As far as I know, TPM is not required for joining a Server 2019 OS in hybrid Azure AD mode, but there are some considerations which are listed here.

Hope the above explanations answer your queries. If the information provided helped, please do accept this post as an answer so that it is helpful to other members of the community.

Thank you.

1 comment

Thank you, shashishailaj, for your reply. We do not have users with Windows Server 2019 installed and configured on their PCs. We use different administrator accounts to log in to servers; however, those admin accounts are also synced to Azure AD. Are there any benefits with this?

Thanks for your confirmation on the Server Core part. One of the MS PFEs mentioned during a Windows 2019 technical session that Server Core supports hybrid Azure AD join; however, the TechNet document tells a different story, hence I wanted to confirm on this topic. Have you by any chance tested Azure hybrid domain join on Server Core?

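One way to check on a given server the three things this thread discusses (hybrid join state, Server Core vs. Desktop Experience, and TPM key protection). This is an added example, not code from the posts above: it assumes the built-in `dsregcmd /status` tool and the `InstallationType` registry value, neither of which the thread mentions, and the sample output in it is constructed.

```powershell
# Added example (not from the thread). Function and parameter names are hypothetical.
function Get-HybridJoinState {
    param(
        # Lines of `dsregcmd /status` output; defaults to running the tool on this machine.
        [string[]]$StatusLines = (& dsregcmd.exe /status),
        # "Server", "Server Core" or "Client"; defaults to this machine's registry value.
        [string]$InstallationType = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').InstallationType
    )

    # dsregcmd prints "Key : Value" pairs; collect them and skip the banner lines.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([^:|+]+?)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $domainJoined  = ($fields['DomainJoined']  -eq 'YES')
    $azureAdJoined = ($fields['AzureAdJoined'] -eq 'YES')

    [pscustomobject]@{
        InstallationType = $InstallationType
        IsServerCore     = ($InstallationType -eq 'Server Core')
        DomainJoined     = $domainJoined
        AzureAdJoined    = $azureAdJoined
        # Hybrid joined means joined to on-premises AD and registered in Azure AD.
        HybridJoined     = ($domainJoined -and $azureAdJoined)
        # Whether the device key is held in a TPM.
        TpmProtected     = ($fields['TpmProtected'] -eq 'YES')
    }
}

# Constructed sample of `dsregcmd /status` output, so the function can be tried offline.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
+----------------------------------------------------------------------+
| Device Details                                                       |
+----------------------------------------------------------------------+
              TpmProtected : NO
'@ -split '\r?\n'

Get-HybridJoinState -StatusLines $sample -InstallationType 'Server'
```

On a real server, call `Get-HybridJoinState` with no arguments from an elevated prompt so it reads the local `dsregcmd` output and registry value.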