Do Azure AD joined devices have the same on-prem access as AD DS joined devices?

    Question

  • Hi all,

    I am new to Azure AD and EMS so forgive me if my question sounds a bit stupid.

    I read a lot of technical docs and watched tons of MVA videos, but one aspect is still unclear to me:

    If I join all my Win10 devices to AAD instead of joining them to AD DS will my users still have access to network shares, printers, GPO...?

    I am looking for the best way to make users' (and admins') lives easier.

    I want my users to be able to join their devices to AAD during the OOBE and then be ready to work the same way they did when their machines were AD DS joined. Is it possible?

    Thanks

    Viadeo: Mathieu Ait Azzouzene | Linkedin: Mathieu Ait Azzouzene


    Thursday, March 23, 2017 11:08 AM

Answers

  • Hello,

    If you have an onPrem AD and that AD should live on, your computers should also stay AD domain joined. You can join them to AAD in addition to the onPrem domain:

    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-device-registration

    But whether you need this depends on what you are trying to achieve.

    What is your scenario?

    When it comes to O365 and EMS features, you can simply sync your users and maybe groups to AAD with AADConnect; users can then use services like O365 with an SSO experience, no need to join devices here.

    If you want, for example, to restrict access to those services to managed devices (Device Conditional Access), then you need to register those devices in AAD, for example.

    Azure AD does not compare to AD when it comes to things like OUs and GPOs.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Thursday, March 23, 2017 12:35 PM

All replies