Preparing Azure AD for Automatic Hybrid Azure AD Join

Perform the following tasks to prepare Azure AD for Automatic Hybrid Azure AD Join:

Installing Azure AD Connect

Install and configure Azure AD Connect on the Windows Server that you want to use as the sync server.

  1. Download AzureADConnect.msi.

  2. Launch AzureADConnect.msi.

  3. Click Customize > Install.

  4. After the required components are installed, the User sign-in page appears. Select Do not configure.

    NOTE: If Azure AD Connect is already installed, you can configure it in Azure AD Connect by clicking Change user sign-in > Next.

  5. On the Connect to Azure AD page, specify your Azure AD global admin account and password.

  6. On the Sync > Connect Directories > Connect to your Active Directory Domain Service page, perform the following actions:

    1. In DIRECTORY TYPE, select Active Directory.

    2. In FOREST, specify the name of the forest.

    3. Click Add Directory.

    4. Select Use existing account.

    5. Specify the Active Directory Domain Services (AD DS) enterprise administrator credentials.

    6. Click Next.

  7. On the Sync > Azure AD sign-in > Azure AD sign-in configuration page, select Continue without matching all UPN suffixes to verified domains.

  8. On the Configure > Ready to configure page, select Start the synchronization process as soon as the configuration completes.

  9. Click Install.

For more information about installing and configuring Azure AD Connect, see Custom installation of Azure AD Connect.

Configuring Device Options

  1. Run Azure AD Connect.

  2. Under Tasks, select Configure device options.

  3. Click Next.

  4. Specify your Azure AD global administrator credentials.

  5. Select Configure Hybrid Azure AD join.

  6. Click Next.

  7. On the Device operating systems page, select the following options:

    • Windows 10 or later domain-joined devices

    • Supported Windows downlevel domain joined devices

  8. Click Next.

  9. On the SCP page, perform the following steps to configure the service connection point for each forest:

    1. Select the forest.

    2. Select the authentication service.

    3. Click Add and specify the enterprise administrator credentials.

  10. Click Next.

  11. On the Ready to configure page, click Configure.

Configuring Enterpriseregistration CNAME on your DNS server

For information about how to configure Enterpriseregistration CNAME, see Create DNS records for Office 365 using Windows-based DNS.
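
The service connection point (SCP) and the Enterpriseregistration CNAME decide which Azure AD tenant domain-joined devices register with, so confirm both after you configure them. The following PowerShell check is an added example, not part of the original procedure or of the Azure AD Connect tooling. The function name, its parameters, and the sample values in the last line are placeholders, and it assumes a domain-joined machine with read access to the forest configuration partition.

```powershell
# Added verification example. Function and parameter names are hypothetical.
function Test-HybridJoinPrereqs {
    param(
        [Parameter(Mandatory)] [string] $ExpectedTenantId,    # tenant GUID you expect
        [Parameter(Mandatory)] [string] $ExpectedTenantName,  # tenant domain you expect
        [Parameter(Mandatory)] [string] $DnsSuffix            # domain that holds the CNAME
    )

    # SCP object that Azure AD Connect writes to the forest configuration partition.
    $configNc = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
    $scpPath  = 'LDAP://CN=62a0ff2e-97b9-4513-943f-0d221bd30080,' +
                "CN=Device Registration Configuration,CN=Services,$configNc"

    $keywords = @()
    if ([System.DirectoryServices.DirectoryEntry]::Exists($scpPath)) {
        $keywords = @(([ADSI]$scpPath).Keywords)
    }

    # The keywords attribute holds "azureADName:<domain>" and "azureADId:<tenant GUID>".
    $scpName = [string](($keywords -like 'azureADName:*') -replace '^azureADName:', '')
    $scpId   = [string](($keywords -like 'azureADId:*')   -replace '^azureADId:', '')

    # The CNAME should point at the Azure AD device registration endpoint.
    $cname = Resolve-DnsName -Name "enterpriseregistration.$DnsSuffix" -Type CNAME `
                 -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'CNAME' } |
             Select-Object -First 1

    [pscustomobject]@{
        ScpKeywordsFound = [bool]$keywords.Count
        ScpTenantName    = $scpName
        ScpTenantId      = $scpId
        # A mismatch means devices would try to register with a different tenant.
        ScpMatches       = ($scpId -eq $ExpectedTenantId) -and
                           ($scpName -eq $ExpectedTenantName)
        CnameTarget      = $cname.NameHost
        CnameMatches     = $cname.NameHost -eq 'enterpriseregistration.windows.net'
    }
}

# Placeholder values: replace them with your own tenant ID, tenant domain, and DNS suffix.
Test-HybridJoinPrereqs -ExpectedTenantId '00000000-0000-0000-0000-000000000000' `
    -ExpectedTenantName 'contoso.onmicrosoft.com' -DnsSuffix 'contoso.com'
```

Run the check once for each forest that you configured on the SCP page. If ScpMatches or CnameMatches is False, correct the configuration before devices start registering.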

Enabling Devices to be Registered with Azure AD

  1. Log in to the Azure portal as an administrator.

  2. In the left pane, select Active Directory.

  3. Under Manage, click Devices > Device Settings.

  4. Select All for the Users may register their devices with Azure AD policy.

    For more information, see How to manage devices using the Azure Portal.