In this blog post, I will show you how to enable Hybrid Azure Active Directory Domain Join.
About Hybrid Azure AD Domain Join
The main reason companies opt for Hybrid Azure AD Join is device management, and more specifically Microsoft Intune.
Once Windows 10 machines are hybrid Azure AD joined, we can enrol them in Microsoft Intune and manage them remotely.
With MS Intune, we can:
- Install applications
- Control antivirus settings
- Apply security policies
- Deploy compliance policies
- Manage access to applications using Azure Active Directory conditional access
- Encrypt data on Windows 10 machines
- Enable MFA on devices
The list goes on, but that covers most of the items.
Enable Hybrid Azure AD Join
To enable hybrid join, we need to use Azure AD Connect.
If your on-premises Active Directory is already synchronised to Azure AD, you already have Azure AD Connect installed.
Open Azure AD Connect, click Configure and choose Configure device options from the list of additional tasks.
On the Device options page, tick Configure Hybrid Azure AD join and click Next.
On the Device operating systems page, tick Windows 10 or later domain-joined devices and click Next.
The wizard then asks for enterprise administrator credentials for each forest so it can write the service connection point (SCP) into the AD configuration partition; the devices read this SCP to discover which tenant to register with.
The change triggers a full sync, so wait for it to finish. After that, each device registers itself the next time it boots or a user signs in; the Automatic-Device-Join scheduled task under Microsoft\Windows\Workplace Join performs the registration.
To test whether Hybrid Azure AD Join is working, sign in to a Windows 10 machine in one of the synced OUs and run the command below.
dsregcmd /status
The line that matters in the output is AzureAdJoined : YES in the Device State section; DomainJoined should also be YES, because a hybrid joined device is both domain joined and Azure AD joined.
In the Azure AD devices console the machines should show Hybrid Azure AD joined under Join Type.
To remove a machine from hybrid join, run the following command in an elevated command prompt; the device will go through the registration process again the next time the join task runs.
dsregcmd /debug /leave
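The manual check above scales poorly across a fleet, so here is an added PowerShell example (written for this edit, not part of the original post or of Microsoft's tooling) that parses dsregcmd /status, asserts the state a hybrid joined device should be in, and reads back the SCP that Azure AD Connect wrote. It assumes it runs on a domain-joined Windows 10 machine with line of sight to a domain controller; the SCP container name and its well-known GUID are the ones Microsoft documents for hybrid join, and the keywords attribute is where the tenant name and ID are stored.

```powershell
# Added example: verify hybrid Azure AD join state from the device itself.
# Not from the original post. Assumes a domain-joined Windows 10 host that
# can reach a domain controller.

function Get-DsregStatus {
    # dsregcmd prints "Key : Value" lines grouped in sections; collect the
    # pairs into a hashtable so individual fields can be checked by name.
    $state = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        # Non-greedy key match stops at the first colon, so values that
        # contain colons (URLs, timestamps) are kept intact.
        if ($line -match '^\s*([A-Za-z0-9 ]+?)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-HybridJoin {
    $s = Get-DsregStatus
    # A hybrid joined device is BOTH domain joined and Azure AD joined and
    # carries a tenant ID and a device ID once registration has completed.
    $checks = [ordered]@{
        'DomainJoined'  = ($s['DomainJoined']  -eq 'YES')
        'AzureAdJoined' = ($s['AzureAdJoined'] -eq 'YES')
        'TenantId set'  = -not [string]::IsNullOrEmpty($s['TenantId'])
        'DeviceId set'  = -not [string]::IsNullOrEmpty($s['DeviceId'])
    }
    foreach ($c in $checks.GetEnumerator()) {
        $mark = if ($c.Value) { 'OK  ' } else { 'FAIL' }
        Write-Host ("{0} {1}" -f $mark, $c.Key)
    }
    # The Primary Refresh Token only appears after a user who is synced to
    # Azure AD has signed in; without it conditional access will not see the
    # device as compliant/hybrid joined, so warn rather than fail.
    if ($s['AzureAdPrt'] -ne 'YES') {
        Write-Warning 'No Primary Refresh Token yet; sign in with a synced AD user and re-check.'
    }
    return -not ($checks.Values -contains $false)
}

function Get-HybridJoinScp {
    # The SCP lives in the configuration partition under a well-known GUID.
    # Its keywords attribute holds azureADName:<verified domain> and
    # azureADId:<tenant id>; the device uses these to find the tenant.
    try {
        $root = [ADSI]'LDAP://RootDSE'
        $cfg  = $root.configurationNamingContext
        $scp  = [ADSI]"LDAP://CN=62a0ff2e-97b9-4ad1-a338-a2d2a8e3e5a3,CN=Device Registration Configuration,CN=Services,$cfg"
        return @($scp.keywords)
    }
    catch {
        Write-Warning "SCP not found or not readable: $($_.Exception.Message)"
        return @()
    }
}

# Usage: run in an elevated PowerShell on the device under test.
$joined = Test-HybridJoin
"Hybrid join healthy: $joined"
"SCP keywords: $((Get-HybridJoinScp) -join ', ')"
```

If Test-HybridJoin reports AzureAdJoined as NO on a machine that has been in a synced OU for a while, compare the azureADId value returned by Get-HybridJoinScp with the TenantId in dsregcmd /status; a mismatch or an empty result means the devices are discovering the wrong tenant (or none), which is the usual cause of devices stuck in a pending state. After dsregcmd /debug /leave, re-run the script once the device has rebooted or a synced user has signed in.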