This presentation aims to demonstrate that migrating from on-premise Windows device management to cloud-based management is possible and outlines the steps Universities should take to accomplish that. Any organization that has windows devices in their fleet likely uses some sort of domain binding to join their devices to a Microsoft Active Directory domain. The most basic level is Active Directory join where a device talks to an on-premise domain controller to receive authentication information, group policies, and resources. A more common way is hybrid join. This is for organizations utilizing Microsoft Entra ID, formerly known as Azure Active directory. This type of domain join sends information from on-premise servers up to the Microsoft cloud. It enables endpoint devices to authenticate with Azure and allows users to use things like Microsoft Teams, OneDrive, and Office 365. However, Windows authentication is still handled primarily by an on-premise domain controller. This mode, despite its name, has become outdated with the rise of hybrid work scenarios. Users working off campus are required to use a VPN in order to access on-premise resources. While the effects of this are not immediate, it does present challenges for users that change their password remotely or rarely, if ever, visit campus especially to log on to their device for the first time. Enter Entra-Join. This mode joins the device solely to Microsoft Entra ID and requires no connection to on-premise domain controllers. Only an internet connection is required to perform Windows authentication, not a VPN. This empowers users to change their password off campus without worrying about syncing issues. It also empowers IT staff to ship devices to users where they can perform their first login from home. The road to Entra-join is not without its challenges, however. There are many primary and secondary systems that rely on on-premise resources and must be transitioned to the cloud or restructured entirely. Examples include: automatic certificate-based WiFi connections, application deployment, group policies, provisioning and more. Each hurdle requires a unique solution and big picture planning. In our presentation, we will discuss the reasons why organizations should switch to Entra- join, the barriers to doing so, and how to overcome them.
