What is Microsoft Entra ID Hybrid Join?

Microsoft Entra ID hybrid join is a feature of Microsoft Entra Connect and one of several device registration approaches supported by Microsoft Entra ID. Various features in Azure are only available when using devices that Microsoft Entra ID knows about and can trust – for example, Windows Hello for Business, FIDO2 security keys, or device management with Intune.

While Microsoft Entra Device Registration is a cloud-only, simple device registration, Microsoft Entra ID hybrid join is a feature that can be configured in the Microsoft Entra Connect wizard and applies to domain-joined devices (computers). During a sign-in, a Windows 11 computer (or other suitably configured down-level device – which could be as old as Windows 8) can discover a service connection point configured by Microsoft Entra Connect. This causes a certificate to be generated and synchronized to Microsoft Entra ID by Microsoft Entra Connect. 

As a result, Microsoft Entra ID trusts the device the user is signing in on, and if Active Directory trusts the user (they can sign in), Microsoft Entra ID authenticates the user without further interaction – the user experiences single sign-on (though MFA or other requirements may subsequently cut in).
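One way to confirm the outcome described above on a device, as an added example that is not part of the original page: the built-in Windows tool `dsregcmd /status` reports the join state, and the script below classifies it. The helper name `Get-JoinState` is hypothetical and the sample output is constructed.

```powershell
# Added example: classify a Windows device's join state from `dsregcmd /status`.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param([string[]]$StatusLines)

    # dsregcmd prints "Name : Value" pairs; keep them in a lookup table.
    # Banner lines ("+----", "| Device State |") do not match and are skipped.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $entra  = $fields['AzureAdJoined'] -eq 'YES'   # device object exists in Entra ID
    $domain = $fields['DomainJoined']  -eq 'YES'   # device is joined to on-premises AD

    $state = if ($entra -and $domain) { 'Hybrid joined' }
             elseif ($entra)          { 'Entra joined (cloud only)' }
             elseif ($domain)         { 'Domain joined only (hybrid join not completed)' }
             else                     { 'Not joined' }

    [pscustomobject]@{
        JoinState  = $state
        TenantName = $fields['TenantName']
        # AzureAdPrt = YES means the signed-in user holds a Primary Refresh
        # Token, which is what delivers single sign-on to Microsoft Entra ID.
        HasPrt     = $fields['AzureAdPrt'] -eq 'YES'
    }
}

# Constructed sample output (trimmed); all values are placeholders.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
              DomainJoined : YES
                DomainName : CONTOSO
                TenantName : Contoso

                AzureAdPrt : YES
'@ -split "`r?`n"

Get-JoinState -StatusLines $sample

# On a real device, pass the live output instead:
# Get-JoinState -StatusLines (dsregcmd /status)
```

A device that reports `DomainJoined : YES` but `AzureAdJoined : NO` has not finished hybrid join, so features that require a device known to Microsoft Entra ID will not apply to it yet.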

Where Active Directory users work on corporate devices that are domain-joined to AD, Microsoft Entra ID hybrid join provides a very convenient, powerful, and secure single sign-on solution. On its own, this is unlikely to be sufficient, as there will be situations in which the user is not an AD user (seasonal workers, students, guests) and/or is not using a domain-joined device. For these scenarios, another authentication option should be chosen, for example, password hash synchronization (PHS) or pass-through authentication (PTA).

 


Find out more about Microsoft Entra ID Hybrid Join in our Microsoft Entra Connect Masterclass.

Microsoft Entra Connect Masterclass

During the Microsoft Entra Connect Masterclass, you will learn what Microsoft Entra Connect can do beyond its ‘out-of-the-box’ form and investigate its many additional capabilities as well as learn how to configure and maintain it, and which configurations are supported.


 


You can also discover more about the Wizard in Microsoft Entra Connect in this very popular webinar recording.