Thinking About Moving to a Fully Cloud Setup – What Are Your Experiences?

Asked By TechAdventurer92 On

Hey everyone! We're currently doing a mix of on-prem Active Directory (AD) and cloud identities. Since most of our team is working remotely, managing VPN connections, Group Policy Objects (GPOs), and password resets has turned into a real hassle. I'm considering two options: the first is keeping some on-prem AD servers while letting laptops directly join Entra ID and managing settings through Intune. The second is going all-in on the cloud—no AD servers at all, just Entra-joined devices managed through Intune and SaaS applications. This seems like it could simplify things by reducing server requirements, improving disaster recovery, and eliminating VPN issues. However, I'm wary of potential hidden challenges like app compatibility, legacy dependencies, and complications with hybrid scenarios. For those who have made this shift, what worked well for you, and what issues did you face? Did using hybrid identity make things easier or more complicated? And for those fully in the cloud, what surprises should we be prepared for?

5 Answers

Answered By PrintNinja98 On

We’ve been transitioning to Entra ID joined devices and using Kerberos Cloud Trust for on-prem workloads. It simplifies a lot of issues, like password changes for remote users, and allows for Autopilot. However, shared drives can be tricky—Intune has options, but they aren't perfect. And printers can be a nightmare; Universal Print helps if your needs are basic, but when it fails, it really fails.

Answered By CloudSavvy247 On

If you're dealing with legacy on-prem setups, I'd recommend hybrid joining your devices. Just sync your users from AD to Entra. This way, you get a smoother transition without sacrificing too much functionality for existing on-prem resources.

Answered By LegacyPro On

I’ve worked with lots of organizations transitioning to cloud, and a hybrid setup is often only useful if you're mostly office-based, using many GPOs, and lack application deployment through tools like SCCM. If that's not your scenario, switching to fully cloud-managed devices could be much smoother.

Answered By ServerFreek On

Before you go entirely cloud, check that you won’t need AD for anything critical, like NTLM or Kerberos authentication. Many have hesitated to move to the cloud because of file sharing needs, but Azure Files now offers cloud-only identity support, which helps alleviate some of those concerns.
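
One way to run the check suggested above, as an added example that is not part of the original answer: tally which services and hosts still authenticate against a domain controller over Kerberos (event 4769) or NTLM (event 4776). It assumes the DC audit policy records those events; `Get-AdAuthDependency` and `New-SampleEvent` are hypothetical helper names, and the sample events are constructed.

```powershell
# Added example. Event IDs in a domain controller's Security log:
#   4769 = Kerberos service ticket requested, 4776 = NTLM credential validation.
function Get-AdAuthDependency {
    param([Parameter(ValueFromPipeline)][string]$EventXml)
    begin { $rows = [System.Collections.Generic.List[object]]::new() }
    process {
        $evt = ([xml]$EventXml).DocumentElement
        $id  = [int]$evt['System']['EventID'].InnerText
        $f   = @{}
        foreach ($n in $evt['EventData'].ChildNodes) { $f[$n.GetAttribute('Name')] = $n.InnerText }
        switch ($id) {
            4769 {
                # krbtgt is the ticket-granting service itself, not a resource dependency.
                if ($f.ServiceName -eq 'krbtgt') { return }
                $rows.Add([pscustomobject]@{ Protocol = 'Kerberos'; Target = $f.ServiceName; Source = $f.IpAddress })
            }
            4776 {
                $rows.Add([pscustomobject]@{ Protocol = 'NTLM'; Target = $f.TargetUserName; Source = $f.Workstation })
            }
        }
    }
    end {
        # One row per (protocol, target, source) with the number of events seen.
        $rows | Group-Object Protocol, Target, Source | ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{ Protocol = $first.Protocol; Target = $first.Target; Source = $first.Source; Count = $_.Count }
        } | Sort-Object Count -Descending
    }
}

# Builds a minimal event XML string (constructed sample data, same layout as EventLogRecord.ToXml()).
function New-SampleEvent($Id, $Fields) {
    $data = ($Fields.GetEnumerator() | ForEach-Object { '<Data Name="{0}">{1}</Data>' -f $_.Key, $_.Value }) -join ''
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>{0}</EventID></System><EventData>{1}</EventData></Event>' -f $Id, $data
}

$sample = @(
    New-SampleEvent 4769 @{ ServiceName = 'FILESRV01$'; IpAddress = '::ffff:10.0.0.21' }
    New-SampleEvent 4769 @{ ServiceName = 'FILESRV01$'; IpAddress = '::ffff:10.0.0.21' }
    New-SampleEvent 4769 @{ ServiceName = 'krbtgt'; IpAddress = '::ffff:10.0.0.21' }
    New-SampleEvent 4776 @{ TargetUserName = 'svc-scanner'; Workstation = 'MFP-3RDFLOOR' }
)
$sample | Get-AdAuthDependency | Format-Table

# Against a live DC (elevated session), feed real events instead of the sample:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4769, 4776 } |
#     ForEach-Object { $_.ToXml() } | Get-AdAuthDependency
```

Targets that keep appearing over a few weeks of logs (file servers, scanners, line-of-business service accounts) are the workloads that need a replacement or a migration plan before the last domain controller is retired.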

Answered By CloudExplorer55 On

Don’t forget about planning for legacy workloads that might still need on-prem resources. Make sure your permissions and migration plans are geared towards Entra identities. Network services like DHCP and DNS are also important—you'll want to revamp your architecture to support your new cloud strategy.
