I'm curious about how many of you are utilizing Intune and Autopilot for machines that are joined to an on-premises Active Directory. Microsoft suggests avoiding this setup, but it seems there's a strong push for it within my organization. If you've used this approach, what challenges have you faced? Have any of you switched to using Entra joined devices instead, or completely moved away from Autopilot?
2 Answers
I’m still in the validation phase for Entra joined devices, but I currently have hybrid joined devices with Autopilot. The main issues I’ve encountered include setting up always-on VPNs, sorting out certificate issues outside our org, and dealing with firewall requirements. Microsoft's documentation is pretty lacking, which made it a tough six-month process. Overall, I prefer the Entra join experience because it's smoother and usually requires less hassle once it's working. I recommend trying out an Entra joined test laptop to see how it fits into your setup!
We’ve fully embraced hybrid join with Autopilot and it works well for us. It allows us to leverage Intune for what it does best while still using Group Policy for everything else that needs it. It’s a solid balance!

Absolutely, having cloud Kerberos trust can make things a lot smoother for Entra joined devices!
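The cloud Kerberos trust mentioned in the comment above is what lets an Entra joined device get an on-premises Kerberos TGT without ever line-of-sight joining the domain. As an added example (this is not code from anyone in the thread), the PowerShell below shows the two halves of setting it up and checking it: publishing the AzureADKerberos object from a domain-joined admin workstation, then reading `dsregcmd /status` on the test laptop to confirm the device is Entra joined and actually received the on-premises TGT. The domain name `corp.example.com` and the `Get-DsRegState` helper are assumptions for illustration; the `Set-AzureADKerberosServer` / `Get-AzureADKerberosServer` cmdlets come from Microsoft's AzureADHybridAuthenticationManagement module.

```powershell
# Added example (not from the thread above): enable cloud Kerberos trust for
# Entra joined devices and verify it end to end.
# Assumptions: domain 'corp.example.com'; the AzureADHybridAuthenticationManagement
# module is installed; the operator holds Domain Admin and Entra Global Admin roles.

# ---- Server side: run once per AD domain from a domain-joined admin machine ----
Import-Module AzureADHybridAuthenticationManagement

$domain     = 'corp.example.com'                                  # assumed domain name
$domainCred = Get-Credential -Message 'On-premises Domain Admin'
$cloudCred  = Get-Credential -Message 'Entra ID Global Administrator'

# Creates the AzureADKerberos read-only DC object in AD and publishes its key to
# Entra ID, so Entra can mint a partial TGT the on-premises KDC will accept.
Set-AzureADKerberosServer -Domain $domain -DomainCredential $domainCred -CloudCredential $cloudCred

# Verify the object exists on both sides and the key versions line up.
$ks = Get-AzureADKerberosServer -Domain $domain -DomainCredential $domainCred -CloudCredential $cloudCred
$ks | Format-List Id, DomainDnsName, KeyVersion, CloudId, CloudKeyVersion

# ---- Client side: run on the Entra joined test laptop after the user signs in ----
function Get-DsRegState {
    # Parses 'Key : Value' lines of dsregcmd /status into a hashtable (hypothetical helper).
    $state = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*(\S+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    return $state
}

$s = Get-DsRegState
[pscustomobject]@{
    AzureAdJoined = $s['AzureAdJoined']   # YES on an Entra joined device
    DomainJoined  = $s['DomainJoined']    # NO for pure Entra join, YES for hybrid join
    AzureAdPrt    = $s['AzureAdPrt']      # YES once the user holds a Primary Refresh Token
    CloudTgt      = $s['CloudTgt']        # YES: Entra issued the cloud TGT
    OnPremTgt     = $s['OnPremTgt']       # YES: the on-prem KDC exchanged it for a full TGT
}
```

Two caveats worth checking before declaring the test laptop a success: `OnPremTgt` only turns to YES when the device could reach a writable domain controller during sign-in (over the LAN or the always-on VPN the first answer mentions), and the client half does nothing until Intune has pushed the Windows Hello for Business setting "Use Cloud Trust For On Prem Auth" (OMA-URI `./Device/Vendor/MSFT/PassportForWork/<TenantId>/Policies/UseCloudTrustForOnPremAuth`) to the device.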