AZ-104 Certification Notes

Chapter 3.9 - Hybrid Azure AD Joined Devices

Definition
- Joined to on-premises AD and Azure AD requiring an organizational account to sign in to the device
Primary audience
- Suitable for hybrid organizations with existing on-premises AD infrastructure
- Applicable to all users in an organization

Device ownership
- Organization
Operating Systems
- Windows 10, 8.1 and 7, Windows Server 2008/R2, 2012/R2, 2016 and 2019
Provisioning
- Windows 10, Windows Server 2016/2019
- Domain join by IT and autojoin via Azure AD Connect or ADFS config
- Domain join by Windows Autopilot and autojoin via Azure AD Connect or ADFS config
- Windows 8.1, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 - Require MSI
Device sign in options
- Organizational accounts using:
  - Password
  - Windows Hello for Business for Windows 10
Device management
- Group Policy, Configuration Manager standalone or co-management with Microsoft Intune
Key capabilities
- SSO to both cloud and on-premises resources
- Conditional Access through Domain join or through Intune if co-managed
- Self-service Password Reset and Windows Hello PIN reset on lock screen
- Enterprise State Roaming across devices

What operating systems can utilize Hybrid Azure AD joined devices?
- MacOS
- Windows 10, 8.1 and 7
- Android
- Windows Server 2008/R2, 2012/R2, 2016 and 2019
What device sign-in options for organizational accounts can be utilized from Hybrid Azure AD joined devices?
- Biometrics or Pattern for other devices
- FIDO2.0 security keys
- Windows Hello for Business for Win10
- Password
What is the primary audience of Hybrid Azure AD joined devices?
- Applicable to all users in an organization
- Suitable for cloud-only premises
- Suitable for hybrid organizations with existing on-premises AD infrastructure
- Mobile devices
What are Hybrid Azure AD joined devices?
- Joined to on-premises AD and Azure AD requiring an organizational account to sign in to the device.