Prerequisites for hybrid domain join

Read this page to learn the prerequisites to set up ODJ service to support the Azure AD joined Windows devices to join on-premises AD on enrollment.

Prerequisites

Before proceeding with the Hybrid Domain Join process, ensure that all the following prerequisites are met and that you have the necessary information and access required to perform the configuration and implementation steps.

The endpoint must be a physical Windows 10 or Windows 11 machine.
Note: Windows Autopilot enrolment with Offline Domain Join cannot be performed on a virtual machine.
ODJ and MDM SSL certificates and keys.
Global Administrator credentials for your Azure AD tenant.
Azure Active Directory (Azure AD) Configuration
- Add custom domain in Azure Active Directory and verify
- Configure BigFix MDM in Azure Active Directory
Microsoft Endpoint Manager (MEM) Configuration:
- Create Windows Autopilot deployment profiles for Hybrid AD join
- Import Hardware hash of the devices
On-premises AD
- Provision and Grant the service account permissions to create computer objects in Active Directory
Azure AD connect
- Configure synchronization
- Configure Hybrid AD join