Windows Enrollment: Hybrid Autopilot Part I

Some organizations still rely upon On-premises Active directory due to multiple reasons like application server, in-house hosted services, etc. In this post, you will learn details about the Windows Autopilot Hybrid Domain Join scenario.

Many of the organizations want to adopt a new benefit from the Azure AD by using Autopilot deployment. But at the same time, they also wish to Windows 10 to be part of Active Directory. Because mainly for Group policy and Application NTLM authentication.

To adopt both On-Premises AD and Azure AD features, Microsoft introduced “Hybrid Autopilot or Hybrid Azure AD Join” Deployment.

This feature allows Windows 10 devices to join On-premises AD and at the same time, Azure AD Joined with the support of Endpoint Manager, by deploying a Hybrid Autopilot profile from the Endpoint manager.

The entire Windows Hybrid Autopilot configuration process is divided into two parts. As the name suggests it’s a Hybrid setup. Hence, part one includes setting up the cloud part of it and the second will cover the on-premise part of it.

In this blog we will talk about the part I i.e. How to deploy Hybrid Autopilot profile from the Endpoint Manager.

Part-1 Hybrid Autopilot profile deployment from the Endpoint Manager

Login to Endpoint Manager: http://endpoint.microsoft.com/

Select Device from the left panel > Select Windows under By Platform >Select Windows Enrollment >Select Deployment Profiles.

In the Deployment profile fill the required fields

Basic Page > Type a Name and, optionally, a Description.

Out-of-box experience (OOBE) Page >

For Deployment mode, select User-driven.

In the Join to Azure AD as box, select Hybrid Azure AD joined.

And Configure the OOBE options as needed and create a profile.

Scope tags Page>Select Default or select the required.

Assignment Page> Select autopilot device group.

Review + Create Page> verify the required fields and click Create Button.

For Hybrid Autopilot we need an additional configuration profile, the devices which are onboarded on the Azure AD database need to be registered on prem as well. In order to achieve the same, we deploy a configuration profile knows as Domain Join Profile. This profile includes three settings:

1. Domain name
2. Organization Unit path
3. Computer Name

Select Device from the left panel > Select Windows under By Platform>Select Configuration Profiles.

            In the Configuration Profile Window, click Create Profile (see below image for reference)

• Select Windows 10 and later.
• Profile type: Select Domain Join.
• Click Create.

In the Domain Join Configuration Window, fill the fields as required*(see below Image for reference).

• Basic > Type a Name and, optionally, a Description
• Configurations Settings page > Provide a Computer name prefix, Domain name, and (optional) Organizational unit in DN format.
• Scope tags >Select the Default or required Scope tag
• Assignment >Select autopilot device group
• Select the Applicable Rules.
•  Review and Create the Domain Join Profile

After completing the profile creation Import/upload the Hardware Hash in the Autopilot devices.

Wait for some time to assign the Hybrid Autopilot Deployment profile to the Autopilot device.

Confirm the Device profile status and read part II. ?

Oh yes, we will continue the on Premise configuration part in Part II of this Blog post. Stay tuned!!