Hi All,
Just wanted to cross-check: during a merger & acquisition scenario, what is the best approach for Windows device migration from one forest to another forest?
Option 1: Use any 3rd-party migration tool to sync all the users, groups and computers from one forest to another forest and use the Azure AD Connect topology "single-forest-single-azure-ad-tenant".
Option 2: Use the "multiple forests, single Azure AD tenant" topology to have two forests sync users, groups and computers to a single Azure AD tenant.
End goal is to achieve Hybrid Azure AD Join for devices to trigger Conditional Access policies.
A few concerns around the same:
Since it's a federated scenario, will option 2 support Hybrid Azure AD Join or not?
For a federated environment and Hybrid Azure AD Join, is Device Writeback mandatory? As per the Device Writeback article it cannot work.