Microsoft Azure Active Directory (Azure AD) provides device management when Windows devices are registered with Azure AD. Azure AD can ensure that devices meet organizations’ standards for security and compliance.
You can configure hybrid Azure AD join to automatically register your on-premises AD domain-joined Windows resources with Azure AD. Hybrid Azure AD join provides SSO to enterprise applications using Kerberos and OAuth 2.0 tokens, so users can sign in to the domain and access cloud resources without having to provide credentials. Access Manager serves as an identity provider in this process.
The following are the key capabilities of hybrid Azure AD join:
Device-based conditional access
SSO to on-premises and cloud resources
Windows Hello for Business
For detailed information about hybrid Azure AD, see Hybrid Azure AD joined devices.
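To check whether a device has actually reached the hybrid joined state, you can classify the output of the Windows `dsregcmd /status` command. The following is an added example, not part of the original documentation or of Access Manager; the function name `Get-JoinState` and the sample lines are constructed for illustration.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` output.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    # dsregcmd prints indented "Name : Value" pairs; collect them into a table.
    # Section banner lines start with "|" or "+" and are skipped by the pattern.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    # A missing field compares as not 'YES', so incomplete output fails closed.
    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'
    $prt    = $fields['AzureAdPrt']    -eq 'YES'   # Primary Refresh Token present

    if ($aad -and $domain) {
        $state = 'Hybrid Azure AD joined'
    } elseif ($aad) {
        $state = 'Azure AD joined'
    } elseif ($domain) {
        $state = 'Domain joined only (not registered with Azure AD)'
    } else {
        $state = 'Not joined'
    }

    [pscustomobject]@{
        JoinState = $state
        HasPrt    = $prt
        # Cloud SSO needs both the hybrid join and a token for the signed-in user.
        SsoReady  = ($aad -and $domain -and $prt)
    }
}

# Constructed sample: device is hybrid joined, but the user has no token yet.
$sample = @(
    '             AzureAdJoined : YES',
    '              DomainJoined : YES',
    '                AzureAdPrt : NO'
)
Get-JoinState -StatusLines $sample

# On a live device, pass the real output instead:
# Get-JoinState -StatusLines (dsregcmd /status)
```

A device that reports `Hybrid Azure AD joined` with `HasPrt` false has registered successfully, but the signed-in user has not obtained the token that cloud SSO relies on.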