In this blog post, I will show you how to enable Hybrid Azure Active Directory Domain Join.
About Hybrid Azure AD Domain Join
Companies mainly opt for hybrid Azure AD join for device management, and more specifically for Microsoft Intune.
Once Windows 10 machines are hybrid Azure AD joined, we can enroll them in Microsoft Intune and manage them remotely.
With Intune, we can:
Apply security policies
Deploy compliance policies
Control access to applications with Azure Active Directory conditional access, for example by requiring a compliant device
Encrypt data on Windows 10 machines (BitLocker)
Require multi-factor authentication for sign-ins from those devices
The list goes on, but I think this covers most of the items.
Enable Hybrid Azure AD Join
To enable hybrid Azure AD join, we use Azure AD Connect.
If you already synchronize your on-premises Active Directory with Azure AD, you already have Azure AD Connect installed on a server.
Open Azure AD Connect, click Configure, choose Configure device options and sign in with an Azure AD global administrator account.
On the Device options page, tick Configure Hybrid Azure AD join and click Next.
On the Device operating systems page, tick Windows 10 or later domain-joined devices and click Next.
On the SCP configuration page, select the forest, set the authentication service to Azure AD (or your AD FS farm in a federated environment), supply enterprise administrator credentials so the wizard can write the service connection point (SCP) into the forest's Configuration partition, and click Configure.
The change triggers a full sync, so wait for it to finish; the computer objects of the machines you want to join should sit in an OU that Azure AD Connect synchronizes.
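A quick way to confirm that the wizard actually wrote the SCP, before touching any client, is to read it back from the Configuration partition. The following PowerShell is an added example, not part of the original post or of Azure AD Connect; it assumes the ActiveDirectory module (RSAT) is installed and that the account can read the Configuration naming context. The SCP lives under a fixed GUID-named container and carries two keywords, azureADName (a verified tenant domain) and azureADId (the tenant ID), which is exactly what the clients look up before registering.

```powershell
# Added example (not from the original post): read back the hybrid-join SCP that
# Azure AD Connect writes into the forest's Configuration partition.
# Assumes the RSAT ActiveDirectory module and read access to the Configuration NC.
Import-Module ActiveDirectory

function Get-HybridJoinScp {
    $configNC = (Get-ADRootDSE).configurationNamingContext
    # The container name (62a0ff2e-...) is the well-known GUID used for the device registration SCP.
    $scpDN = "CN=62a0ff2e-97b9-4ad1-a8e3-f5b4c1f11fb4,CN=Device Registration Configuration,CN=Services,$configNC"

    $scp = Get-ADObject -Identity $scpDN -Properties keywords -ErrorAction SilentlyContinue
    if (-not $scp) {
        Write-Warning "No SCP found at $scpDN - the device options wizard did not complete."
        return $null
    }

    # keywords holds strings such as "azureADName:contoso.com" and "azureADId:<tenant GUID>";
    # split each on the first colon only, because a value could itself contain one.
    $info = [ordered]@{}
    foreach ($kw in $scp.keywords) {
        $name, $value = $kw -split ':', 2
        $info[$name] = $value
    }
    return $info
}

$scp = Get-HybridJoinScp
if ($scp) {
    "Tenant name : $($scp['azureADName'])"
    "Tenant ID   : $($scp['azureADId'])"
    if (-not $scp['azureADId']) { Write-Warning 'SCP exists but azureADId is missing; clients will not be able to register.' }
}
```

Check that the tenant ID matches the tenant you expect: a client trusts whatever SCP it finds in its own forest, so an SCP pointing at the wrong tenant (for example after a tenant migration) silently registers machines with that tenant.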
To test whether hybrid Azure AD join is working, sign in to a Windows 10 machine whose computer object is in a synchronized OU and run dsregcmd /status from a command prompt.
Registration is performed by the Automatic-Device-Join scheduled task (under Microsoft\Windows\Workplace Join in Task Scheduler), which runs at user sign-in, so a machine that nobody has signed in to since the SCP was created may not have registered yet.
The important part of the output is that AzureAdJoined is set to YES; DomainJoined should also be YES, which is what distinguishes a hybrid join from a plain Azure AD join.
In the Azure AD devices console, the machines should show Hybrid Azure AD joined under join type.
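When you have more than a handful of machines to check, reading dsregcmd output by eye does not scale. The following PowerShell is an added example, not from the original post; it runs dsregcmd /status on the local client, turns its "Name : Value" lines into a hashtable and checks the fields that matter for hybrid join. The scheduled-task trigger at the end is optional and assumes the task path shown.

```powershell
# Added example (not from the original post): parse dsregcmd /status into a hashtable
# and verify the hybrid-join state on the local Windows 10 machine.
function Get-DsregStatus {
    $status = @{}
    foreach ($line in (dsregcmd /status)) {
        # Match "   Key : Value" rows; split on the FIRST colon so URLs in values survive.
        if ($line -match '^\s*(\S[^:]*?)\s*:\s*(.*?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

function Test-HybridJoin {
    $s = Get-DsregStatus
    $expected = [ordered]@{
        'DomainJoined'  = 'YES'   # still joined to on-prem AD
        'AzureAdJoined' = 'YES'   # registered with Azure AD -> hybrid joined
    }
    $ok = $true
    foreach ($k in $expected.Keys) {
        $match = ($s[$k] -eq $expected[$k])
        if (-not $match) { $ok = $false }
        '{0,-14} {1,-4} {2}' -f $k, $s[$k], $(if ($match) { 'ok' } else { "expected $($expected[$k])" })
    }
    "TenantName     $($s['TenantName'])"
    "DeviceId       $($s['DeviceId'])"
    return $ok
}

if (-not (Test-HybridJoin)) {
    # Not registered yet: the join runs at user sign-in via this scheduled task (assumed path),
    # so kick it off and re-run the check afterwards; the Diagnostic Data section of
    # dsregcmd /status explains any failure (SCP lookup, connectivity, PRT).
    Start-ScheduledTask -TaskPath '\Microsoft\Windows\Workplace Join\' -TaskName 'Automatic-Device-Join'
}
```

TenantName and DeviceId are worth recording: the tenant name confirms the machine registered with the tenant the SCP points to, and the DeviceId is the object you should see in the Azure AD devices console with join type Hybrid Azure AD joined.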
To remove a machine from hybrid join, run the following command with administrative rights (if it reports that it must run as SYSTEM, launch it through PsExec -s); the device drops its registration and the registration process starts again at the next sign-in.
dsregcmd /debug /leave
This command does not delete the device record in Azure AD, so delete or disable the stale record there; otherwise orphaned device objects accumulate and can still satisfy a device-based conditional access rule.