Hey folks! We're rethinking our endpoint strategy here and I could really use your thoughts. Currently, we have all our devices domain joined to an on-prem Active Directory, but with most of our users working from home, managing this setup has become quite a challenge—especially with all the VPNs for GPOs and password changes getting in the way. I've been reading a lot of Microsoft documentation, and their advice always leans towards going cloud-only. While I see the benefits, I'm looking for some real-world insights before making any moves. Here's what's on my mind:
- What advantages are there, if any, to keeping our on-prem Active Directory?
- Would it be wiser to go for a hybrid join with Intune as a middle ground instead of a full cloud transition?
- If we do move to a cloud-only setup, what challenges can we expect? I've heard there could be potential profile or app disruptions, login issues, or complications with BitLocker and mapped drives, especially given that there's a manual step involved in disconnecting devices from AD.
I'm really interested in hearing experiences from those who've made this shift—lessons learned, horror stories, and any best practices to keep in mind. Thanks for any advice!
4 Answers
I definitely think hybrid is a more practical approach for long-term stability, especially since you might want to pivot later if your needs change. Maintaining a lightweight on-prem environment gives you flexibility for the future. Plus, if you need to switch identity providers down the line, having AD gives you more options without stressing your setup too much.
That sounds smart! Many in my company are worried about what happens if we decide to pivot later.
It really depends on whether you have on-prem servers that you'll still need after moving to cloud AD. If you can entirely shift to tools like SharePoint, then going with a full cloud identity is way simpler. I’ve seen some smaller companies thrive with this approach, and it really simplifies management. Plus, having just decent internet as your infrastructure is a game changer! If you still need access to any on-prem resources, a hybrid setup might be more suitable, as it lets users authenticate without needing constant VPN access.
That's a good point! I'm really leaning towards the full cloud setup, but it's comforting to know there are options based on needs.
Exactly! If the majority of your resources can easily transition to the cloud, then full-on cloud could really streamline everything.
We've recently transitioned fully to Entra+Intune, and it’s been a great relief! During our shift, we did a staggered approach—new devices joined directly to Entra, while slowly migrating the older ones. Sure, it can get tricky during migrations, but we did backup campaigns to help retain user data as we went along. Once we cut ties with AD, we actually saw improved performance and reliability—definitely worth considering if you plan it right!
Definitely! Ensuring user data security during migration is a big deal.
Glad to hear that works well for you! I assume you had a solid plan in place for backups?
I've been managing a hybrid setup, and frankly, if I could start fresh, I might lean to cloud-only, but maintaining AD is still quite useful, especially for older apps. Clients of mine have had a rough time without AD due to dependencies on services that use LDAP or similar protocols. If you must handle legacy applications, hybrid might help ease that transition.
Sounds like a safe route then! We'll definitely have some of those legacy apps sticking around.
Absolutely! You don’t want to throw everything away if it’s still working for you.
Yeah, and if you're using an older system, keeping that hybrid environment allows for smoother transitions for any new integrations.