In this blog, I will demonstrate how to configure Hybrid Azure AD. Once this is configured, you can join your existing devices to Azure AD. It comes with a lot of exciting features for controlling on-premises devices through the Azure and Intune portals.

Benefits of Azure AD Join

Once configured, you can join your devices to Azure AD. This also provides the benefit of synchronizing your on-premises users to Azure AD. As you already have an on-premises Active Directory, all users / groups will be visible in Azure AD as well. If you are not interested in syncing all users, you can filter them out during configuration.

Azure AD Join supports a variety of devices: not only Windows, but also non-Microsoft devices such as iPads and Android devices.


Prepare yourself before configuring Hybrid Azure AD

You need to install the AD connector.

You need to enable devices to be registered. Log in to the Azure Portal, navigate to the Azure Active Directory blade and select Devices. On the Devices pane, select Device Settings.

In the right pane, Users may join devices to Azure AD should be set to All. You can also narrow it down to specific users by clicking Selected. Click Save.

Steps to perform – Configuring Hybrid Azure AD join

Log in to the Domain Controller and launch Microsoft Azure Active Directory Connect. Click Configure.

On the Additional tasks page, select Configure device options and select Next.

On the Overview page, click Next.

On the Connect to Azure AD page, provide the Azure AD username and password which will be used to connect on-premises with Azure AD. Click Next.

On the Device options page, select Configure Hybrid Azure AD join and click Next.

On the Device operating systems page, select Windows 10 or later domain-joined devices and click Next.

On the SCP configuration page, select your domain. Select Azure Active Directory from the Authentication Service dropdown menu and select Add. In the Enterprise Admin Credentials window, enter your enterprise admin credentials (username and password). Once done, click Next.

On the Federation configuration page, click Next.

On the Ready to configure page, click Configure.

Once completed, you will see Configuration complete. You can exit the wizard now.

Verify Azure AD Join system

Once synchronization completes, you can log in with a user who has an Enterprise Mobility and Security E3 or E5 license assigned. Once logged in, open a command prompt and run the following command:

Dsregcmd /status

We can see Device State info as:

AzureAdJoined : YES (Confirms we have joined the Azure AD)
EnterpriseJoined : NO
DomainJoined : YES (System is part of On-premises AD)
DomainName : MANBAN (On-premises Domain name)
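
To run the same check as a script, the following added example (not part of the original post) parses dsregcmd /status output and reports the join state, treating AzureAdJoined and DomainJoined both being YES as hybrid joined. The function name Get-JoinState and the sample text are assumptions constructed for illustration.

```powershell
function Get-JoinState {
    param([string[]]$StatusLines)

    # Collect "Key : Value" pairs; banner, separator and blank lines do not match.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9]*)\s*:\s*(\S.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    # A missing field compares as $false, so truncated output reads as "not joined".
    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined'] -eq 'YES'

    # Hybrid join means the device is joined to both directories at once.
    if ($aad -and $domain) {
        $state = 'Hybrid Azure AD joined'
    } elseif ($aad) {
        $state = 'Azure AD joined (no on-premises domain)'
    } elseif ($domain) {
        $state = 'On-premises domain joined only'
    } else {
        $state = 'Not joined'
    }

    [pscustomobject]@{
        State            = $state
        AzureAdJoined    = $aad
        DomainJoined     = $domain
        EnterpriseJoined = ($fields['EnterpriseJoined'] -eq 'YES')
        DomainName       = $fields['DomainName']
    }
}

# Constructed sample in the layout dsregcmd prints. On a real device use:
#   Get-JoinState -StatusLines (dsregcmd /status)
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : MANBAN
'@ -split '\r?\n'

Get-JoinState -StatusLines $sample
```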