Microsoft Entra ID Device Join Types

Summary

Microsoft Entra ID is a cloud-based identity and access management solution. It is a directory and identity management service that operates in the cloud and offers authentication and authorization services to various Microsoft services, such as Microsoft 365, Dynamics 365, Microsoft Azure and third-party services. This article explains the different join types.

Body


Note: See the “Scenarios” section in each linked document for information on the situations where the join type should be used.

Entra Registered

https://learn.microsoft.com/en-us/entra/identity/devices/concept-device-registration

This join type is primarily used in BYOD (Bring Your Own Device) environments. It should not be used to manage devices with Intune at UGA. An enrollment restriction policy is in place that prevents users from enrolling personal devices in Intune. Personal devices can still create device records in UGA’s Entra ID tenant to access cloud resources (e.g., Office 365), but they will not be enrolled in Intune or subject to IT management.

Entra Joined

https://learn.microsoft.com/en-us/entra/identity/devices/concept-directory-join

This should be the default join type for all new deployments at UGA (new or reimaged devices). It provides the broadest set of device management capabilities without any additional infrastructure or moving parts. Devices can be Entra-joined using Windows Autopilot or provisioning packages.

Entra Hybrid Joined

https://learn.microsoft.com/en-us/entra/identity/devices/concept-hybrid-join

This join type is a practical choice for quickly enrolling all existing devices in Intune using group policy. It is beneficial in the short term but should not be used for new deployments unless there is a specific requirement for the device to be domain-joined. Hybrid-joined devices also have certain limitations (e.g., a device cannot be renamed through Intune, and more on-premises configuration is required to use Windows Hello authentication).
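When auditing which of the three join types a Windows device actually has, the local `dsregcmd /status` report is the authoritative source. The following PowerShell is an added example (not part of the original article or of Microsoft's tooling) that maps the YES/NO fields dsregcmd prints (AzureAdJoined, DomainJoined, WorkplaceJoined) to the join types described above; the sample report embedded in it is constructed for illustration, and the `Get-EntraJoinType` function name is an assumption of this example.

```powershell
# Added example (not from the original article): classify a device's Entra join
# type from the output of "dsregcmd /status". Field names are those dsregcmd
# prints in its "Device State" and "User State" sections.

function Get-EntraJoinType {
    param(
        # Lines of dsregcmd /status output. Defaults to running the real command.
        [string[]]$StatusLines = (& dsregcmd.exe /status)
    )

    # Collect "Name : YES/NO" pairs. The first occurrence wins so that
    # device-level fields are not overwritten by per-user fields further down.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(YES|NO)\s*$') {
            if (-not $fields.ContainsKey($matches[1])) {
                $fields[$matches[1]] = ($matches[2] -eq 'YES')
            }
        }
    }

    # Missing keys evaluate to $false.
    $azureJoined     = [bool]$fields['AzureAdJoined']
    $domainJoined    = [bool]$fields['DomainJoined']
    $workplaceJoined = [bool]$fields['WorkplaceJoined']

    if ($azureJoined -and $domainJoined) { return 'Entra Hybrid Joined' }
    if ($azureJoined)                    { return 'Entra Joined' }
    if ($workplaceJoined)                { return 'Entra Registered' }
    if ($domainJoined)                   { return 'Domain Joined only (no Entra relationship)' }
    return 'Not joined'
}

# Constructed sample report in the shape dsregcmd produces on a hybrid-joined device.
$sampleHybrid = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : EXAMPLE

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

                    NgcSet : NO
           WorkplaceJoined : NO
'@ -split "`r?`n"

# Self-check against the constructed sample.
if ((Get-EntraJoinType -StatusLines $sampleHybrid) -ne 'Entra Hybrid Joined') {
    throw 'Sample classification failed'
}

# Classify the device this script runs on, when dsregcmd is available.
if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    Write-Output ("This device: " + (Get-EntraJoinType))
}
```

The join type tells you how the device record relates to Entra ID, not whether it is managed: Intune enrollment is a separate state, so a Registered (BYOD) device classified here will still show as unmanaged once the enrollment restriction described above blocks it.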

Details

Article ID: 163601
Created: Tue 8/20/24 11:42 AM
Modified: Sun 10/6/24 12:22 AM