Hi,
Our organisation is moving to O365 and I'm having problems getting our devices to register as Hybrid Azure AD Joined; instead, devices are appearing in Azure AD as Azure AD registered. This is posing problems for Conditional Access.
The Background
I manage a fully self-contained W2008 R2 domain/forest. The tenant we are migrating to is that of our parent company. There is a two-way transitive trust in place between our two forests. Our forest wasn't part of our parent company’s original project when they migrated so the Service Connection Point wasn’t created when they ran the AD Connect wizard to create these in their forest. I have since created the SCP manually.
My question is, are there other considerations I need to be aware of to allow our devices to register correctly in Azure AD? Any pointers or advice appreciated.
DSREGCMD /Status returns this:
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : NO
EnterpriseJoined : NO
DomainJoined : YES
DomainName : MyDomain
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : YES
WorkAccountCount : 1
WamDefaultSet : NO
AzureAdPrt : NO
AzureAdPrtAuthority : NO
EnterprisePrt : NO
EnterprisePrtAuthority : NO
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : YES
SessionIsNotRemote : YES
CertEnrollment : none
AadRecoveryNeeded : NO
PreReqResult : WillNotProvision
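
An added example, not part of the original post: a small Python parser that reads `dsregcmd /status` text like the output above and reports which join state the flags describe, useful for triaging many machines at once. The sample text is constructed from fields in the post, and the function names and state labels are assumptions of this example.

```python
import re

# Constructed sample: a subset of the fields shown in the post's output.
SAMPLE = """\
+--------------------------------+
| Device State |
+--------------------------------+
AzureAdJoined : NO
EnterpriseJoined : NO
DomainJoined : YES
DomainName : MyDomain
+--------------------------------+
| User State |
+--------------------------------+
WorkplaceJoined : YES
AzureAdPrt : NO
"""

HEADER = re.compile(r"^\s*\|\s*(.+?)\s*\|\s*$")   # "| Device State |"
FIELD = re.compile(r"^\s*(\w+)\s*:\s*(.*?)\s*$")  # "DomainJoined : YES"

def parse_status(text):
    """Return {section: {field: value}} from `dsregcmd /status` text."""
    sections, current = {}, None
    for line in text.splitlines():
        if (h := HEADER.match(line)):
            current = sections.setdefault(h.group(1), {})
        elif (f := FIELD.match(line)) and current is not None:
            current[f.group(1)] = f.group(2)
    return sections

def classify(sections):
    """Map the join flags to a state label plus triage notes."""
    flat = {k: v.upper() for s in sections.values() for k, v in s.items()}
    flag = lambda name: flat.get(name) == "YES"
    aad, dom, wpj = flag("AzureAdJoined"), flag("DomainJoined"), flag("WorkplaceJoined")
    if aad and dom:
        state = "Hybrid Azure AD joined"
    elif aad:
        state = "Azure AD joined"
    elif wpj:
        state = "Azure AD registered" + (" (domain joined, not hybrid)" if dom else "")
    else:
        state = "Domain joined only" if dom else "Not joined"
    notes = []
    if dom and not aad:
        notes.append("AzureAdJoined=NO on a domain-joined device: hybrid join has not completed")
    if dom and wpj:
        notes.append("WorkplaceJoined=YES: a per-user registration exists alongside domain membership")
    if not flag("AzureAdPrt"):
        notes.append("AzureAdPrt=NO: the user holds no Primary Refresh Token")
    return state, notes
```

Calling `classify(parse_status(text))` on saved output from each machine gives a label and notes that can be collected into a single report.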