I'm currently managing a hybrid Active Directory setup for both devices and users. We're relying on a mix of on-prem file shares and VMs, as well as cloud apps, with a slowly growing footprint in Azure. I'm aiming for a future where everything is 100% Entra, but I'm debating whether it's a good idea to start by migrating just our workstations to Entra for now or if I should wait and do a full migration of both users and devices later. One major reason for considering this move is to explore Autopilot, which I've heard can be tricky in a hybrid environment, as well as managing endpoints through Intune instead of depending on Group Policies and a spotty VPN. I'm also interested in understanding any significant pros and cons of making this move.
4 Answers
I've had positive experiences with Entra AD; it integrates well with on-prem file shares and print servers. Just keep in mind that on-prem SSO might not work unless you let users type in their credentials. Password management is a breeze compared to what we used to deal with!
Starting with just your workstations can be a smart move! We went that route by moving new laptops over to Entra-only and it really helped us identify issues early on. We faced some trouble with Kerberos authentication to our on-prem file shares, but we piloted a few users first and learned a lot without too many hiccups. Just try to test the waters with a couple of devices first before diving in completely!
I’m just looking for solid reasons to convince my management that moving to Entra is worthwhile. I’m on the fence about the approach due to the existing mess with Group Policies.
We're also in a hybrid environment, but we're pushing all new laptops towards Entra joined with Autopilot. It's been generally pleasant! Just pilot some devices initially to sort out any bugs before full deployment. This approach seems to be becoming the standard.
From what you've described, moving your devices to Entra-joined first is a smart and strategic approach. It helps tackle your current issues with Autopilot and improve Intune management for remote users. Think of it as a phased plan rather than a full overhaul at once. This way, you minimize disruptions and can learn as you transition to modern management tools effectively!
Thanks for that insight! So, was the on-prem authentication pretty inconsistent, or was it mostly a smooth ride besides the initial issues?