I recently started a new role as a Microsoft 365 admin, and my company is planning to roll out Microsoft 365 applications. They want me to set up Teams policies and eventually transition to SharePoint. They're even considering using Intune down the line. Currently, they're using Exchange Online, so we have users already on the tenant. However, the devices are domain-joined, and they haven't set up sync between Active Directory and Entra, which raises some concerns for me.
I suggested implementing AD sync to enable hybrid identities, which I believe would simplify things for both us and the users, allowing them to have a single set of credentials for cloud and on-premises applications. But they dismissed my thoughts, claiming that it's unnecessary and would complicate the environment. They've also stated that there are inconsistencies between UPNs and SMTP addresses in Entra. I perceive that matching those is crucial for successfully converting to a synced setup.
My main question is—who's misunderstanding the situation here? Am I wrong for thinking setting up this sync is a logical step to a smoother integration with Entra and avoiding future headaches?
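On the UPN/SMTP inconsistencies mentioned in the question: an added PowerShell example (not from the original post or either answer) that reports Exchange Online mailboxes whose UPN differs from their primary SMTP address, which is the list to reconcile before Entra Connect soft matching is relied on. It assumes the ExchangeOnlineManagement module and an Exchange admin role; the CSV path is a placeholder.

```powershell
# Added example (not from the original post): list Exchange Online mailboxes
# whose UserPrincipalName differs from their primary SMTP address. Entra Connect
# soft-matches on-prem AD accounts to existing cloud users by primary SMTP
# address or UPN, so these are the objects to fix before enabling sync.
# Assumes the ExchangeOnlineManagement module and an Exchange admin role.
Connect-ExchangeOnline -ShowBanner:$false

$report = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    ForEach-Object {
        $upn  = $_.UserPrincipalName.ToLowerInvariant()
        $smtp = $_.PrimarySmtpAddress.ToString().ToLowerInvariant()
        if ($upn -ne $smtp) {
            # Is the UPN at least present as a secondary alias? Mail to it still
            # routes, but matching only works on an address that also exists on-prem.
            $aliases    = $_.EmailAddresses | ForEach-Object { $_.ToString().ToLowerInvariant() }
            $upnIsAlias = $aliases -contains "smtp:$upn"

            # A domain mismatch usually means the UPN suffix must be added/verified
            # in Entra; a local-part mismatch is a per-user rename decision.
            $upnDomain  = $upn.Split('@')[1]
            $smtpDomain = $smtp.Split('@')[1]
            $type = if ($upnDomain -ne $smtpDomain) { 'Domain' } else { 'LocalPart' }

            [pscustomobject]@{
                DisplayName        = $_.DisplayName
                UserPrincipalName  = $upn
                PrimarySmtpAddress = $smtp
                UpnDomain          = $upnDomain
                SmtpDomain         = $smtpDomain
                UpnIsAlias         = $upnIsAlias
                MismatchType       = $type
            }
        }
    }

$report | Sort-Object MismatchType, DisplayName | Format-Table -AutoSize
# Placeholder output path; adjust for your environment.
$report | Export-Csv -Path 'C:\Reports\upn-smtp-mismatch.csv' -NoTypeInformation
Disconnect-ExchangeOnline -Confirm:$false
```

Run the same comparison on the on-prem side (userPrincipalName against the SMTP: entry in proxyAddresses) to see which of these accounts would still hard- or soft-match once sync is turned on.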
2 Answers
I totally get where you’re coming from. Without a hybrid or Entra join, Intune won’t really work effectively. If they aren't willing to listen to your expertise, I’d start looking for a new job. You're not there just to follow orders; you're meant to implement solutions that work.
There's really no compelling reason not to sync. It seems odd that they wouldn't want to simplify the user experience by allowing everyone to use a single set of credentials. If you're the M365 admin, it's your job to guide them, and if they're ignoring your advice, it might be time to reconsider your position there.

Yeah, it sounds like they're setting you up for failure. You're there to offer expertise, so if they won’t take it, what's the point?