Applies to
- Windows 10
You can use Intune and Windows Autopilot to set up hybrid Azure Active Directory (Azure AD)-joined devices. To do so, follow the steps in this article. For more information about hybrid Azure AD join, see Understanding hybrid Azure AD join and co-management.
Prerequisites
Successfully configure your hybrid Azure AD-joined devices. Be sure to verify your device registration by using the Get-MsolDevice cmdlet.
The device to be enrolled must follow these requirements:
- Use Windows 10 v1809 or greater.
- Have access to the internet following Windows Autopilot network requirements.
- Have access to an Active Directory domain controller. The device must be connected to the organization's network so that it can:
- Resolve the DNS records for the AD domain and the AD domain controller.
- Communicate with the domain controller to authenticate the user.
- Successfully ping the domain controller of the domain you're trying to join.
- If you use a proxy, the WPAD Proxy settings option must be enabled and configured.
- Undergo the out-of-box experience (OOBE).
- Use an authorization type that Azure Active Directory supports in OOBE.
Set up Windows 10 automatic enrollment
- Sign in to Azure, in the left pane, select Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune.
- Make sure users who deploy Azure AD-joined devices by using Intune and Windows are members of a group included in MDM User scope.
- Use the default values in the MDM Terms of use URL, MDM Discovery URL, and MDM Compliance URL boxes, and then select Save.
Increase the computer account limit in the Organizational Unit
The Intune Connector for your Active Directory creates Autopilot-enrolled computers in the on-premises Active Directory domain. The computer that hosts the Intune Connector must have the rights to create the computer objects within the domain.
In some domains, computers aren't granted the rights to create computers. Additionally, domains have a built-in limit (default of 10) that applies to all users and computers that aren't delegated rights to create computer objects. The rights must be delegated to computers that host the Intune Connector on the organizational unit where hybrid Azure AD-joined devices are created.
The organizational unit that's granted the rights to create computers must match:
- The organizational unit that's entered in the Domain Join profile.
- If no profile is selected, the computer's domain name for your domain.
- Open Active Directory Users and Computers (DSA.msc).
- Right-click the organizational unit to use to create hybrid Azure AD-joined computers > Delegate Control.
- In the Delegation of Control wizard, select Next > Add > Object Types.
- In the Object Types pane, select the Computers > OK.
- In the Select Users, Computers, or Groups pane, in the Enter the object names to select box, enter the name of the computer where the Connector is installed.
- Select Check Names to validate your entry > OK > Next.
- Select Create a custom task to delegate > Next.
- Select Only the following objects in the folder > Computer objects.
- Select Create selected objects in this folder and Delete selected objects in this folder.
- Select Next.
- Under Permissions, select the Full Control check box. This action selects all the other options.
- Select Next > Finish.
Install the Intune Connector
The Intune Connector for Active Directory must be installed on a computer that's running Windows Server 2016 or later. The computer must also have access to the internet and your Active Directory. To increase scale and availability, you can install multiple connectors in your environment. We recommend installing the Connector on a server that's not running any other Intune connectors. Each connector must be able to create computer objects in any domain that you want to support.
Note
If your organization has multiple domains and you install multiple Intune Connectors, you must use a service account that's able to create computer objects in all domains, even if you plan to implement hybrid Azure AD join only for a specific domain. If these are untrusted domains, you must uninstall the connectors from domains in which you don't want to use Windows Autopilot. Otherwise, with multiple connectors across multiple domains, all connectors must be able to create computer objects in all domains.
The Intune Connector requires the same endpoints as Intune.
- Turn off IE Enhanced Security Configuration. By default Windows Server has Internet Explorer Enhanced Security Configuration turned on. If you're unable to sign in to the Intune Connector for Active Directory, then turn off IE Enhanced Security Configuration for the Administrator. How To Turn Off Internet Explorer Enhanced Security Configuration.
- In the Microsoft Endpoint Manager admin center, select Devices > Windows > Windows enrollment > Intune Connector for Active Directory > Add.
- Follow the instructions to download the Connector.
- Open the downloaded Connector setup file, ODJConnectorBootstrapper.exe, to install the Connector.
- At the end of the setup, select Configure.
- Select Sign In.
- Enter the credentials of a user with the Global Administrator or Intune Administrator role. The user account must have an assigned Intune license.
- Go to Devices > Windows > Windows enrollment > Intune Connector for Active Directory, and then confirm that the connection status is Active.
Note
After you sign in to the Connector, it might take a couple of minutes to appear in the Microsoft Endpoint Manager admin center. It appears only if it can successfully communicate with the Intune service.
Configure web proxy settings
If you have a web proxy in your networking environment, ensure that the Intune Connector for Active Directory works properly by referring to Work with existing on-premises proxy servers.
Create a device group
- In the Microsoft Endpoint Manager admin center, select Groups > New group.
- In the Group pane, choose the following options:
- For Group type, select Security.
- Enter a Group name and Group description.
- Select a Membership type.
- If you selected Dynamic Devices for the membership type, in the Group pane, select Dynamic device members.
- In the Advanced rule box, enter one of the following code lines:
- To create a group that includes all your Autopilot devices, enter:
(device.devicePhysicalIDs -any _ -contains '[ZTDId]')
- Intune's Group Tag field maps to the OrderID attribute on Azure AD devices. To create a group that includes all of your Autopilot devices with a specific Group Tag (OrderID), enter:
(device.devicePhysicalIds -any _ -eq '[OrderID]:179887111881')
- To create a group that includes all your Autopilot devices with a specific Purchase Order ID, enter:
(device.devicePhysicalIds -any _ -eq '[PurchaseOrderId]:76222342342')
- Select Save > Create.
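As an added example (not part of the Microsoft article), the following Python evaluates the three advanced rules above against constructed device records and shows why `-eq` on the full `[OrderID]:value` string is an exact match while `-contains` is a substring match. The sample devices and the simplified rule grammar are assumptions; the attribute name is matched case-insensitively because the article spells it both `devicePhysicalIDs` and `devicePhysicalIds`.

```python
import re

# Constructed sample Azure AD device records (values are made up for the example).
# devicePhysicalIds is multi-valued; Autopilot registration adds the [ZTDId] entry,
# and the Group Tag is stored as [OrderID].
DEVICES = [
    {"displayName": "1234567890", "devicePhysicalIds": [
        "[ZTDId]:00000000-0000-0000-0000-000000000001",
        "[OrderID]:179887111881",
        "[PurchaseOrderId]:76222342342"]},
    {"displayName": "0987654321", "devicePhysicalIds": [
        "[ZTDId]:00000000-0000-0000-0000-000000000002",
        "[OrderID]:555"]},
    {"displayName": "LAPTOP-NOAP", "devicePhysicalIds": [
        "[HWID]:constructed-value"]},
]

# Simplified grammar (an assumption) covering only the rule shape used in the article:
# (device.devicePhysicalIds -any _ -eq|-contains '<literal>')
RULE_RE = re.compile(
    r"^\(\s*device\.devicePhysicalIds\s+-any\s+_\s+-(eq|contains)\s+'([^']*)'\s*\)$",
    re.IGNORECASE,
)

def parse_rule(rule):
    """Return (operator, literal) or raise ValueError for an unsupported rule."""
    match = RULE_RE.match(rule.strip())
    if not match:
        raise ValueError(f"unsupported rule: {rule!r}")
    return match.group(1).lower(), match.group(2)

def device_matches(device, rule):
    """-any applies the comparison to each value; -eq is an exact string match,
    -contains is a substring match (so a partial literal can over-match)."""
    operator, literal = parse_rule(rule)
    for value in device.get("devicePhysicalIds", []):
        if operator == "eq" and value == literal:
            return True
        if operator == "contains" and literal in value:
            return True
    return False

def evaluate_rule(rule, devices=DEVICES):
    """Sorted display names of the devices the rule would place in the group."""
    return sorted(d["displayName"] for d in devices if device_matches(d, rule))
```

The last two assertions in the test illustrate the caveat: `-contains '[OrderID]:55'` would also pull in any device whose Group Tag merely starts with 55, so use `-eq` with the complete value for tag-scoped groups.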
Register your Autopilot devices
Select one of the following ways to enroll your Autopilot devices.
Register Autopilot devices that are already enrolled
- Create an Autopilot deployment profile with Convert all targeted devices to Autopilot set to Yes.
- Assign the profile to a group that contains the members that you want to automatically register with Autopilot.
For more information, see Create an Autopilot deployment profile.
Register Autopilot devices that aren't enrolled
If your devices aren't yet enrolled, you can register them yourself. For more information, see Manual registration.
Register devices from an OEM
If you're buying new devices, some OEMs can register the devices for you. For more information, see OEM registration.
Before they're enrolled in Intune, registered Autopilot devices are displayed in three places (with names set to their serial numbers):
- The Autopilot Devices pane in Intune in the Azure portal. Select Device enrollment > Windows enrollment > Devices.
- The Azure AD devices pane in Intune in the Azure portal. Select Devices > Azure AD Devices.
- The Azure AD All Devices pane in Azure Active Directory in the Azure portal. Select Devices > All Devices.
After your Autopilot devices are enrolled, they're displayed in four places:
- The Autopilot Devices pane in Intune in the Azure portal. Select Device enrollment > Windows enrollment > Devices.
- The Azure AD devices pane in Intune in the Azure portal. Select Devices > Azure AD Devices.
- The Azure AD All Devices pane in Azure Active Directory in the Azure portal. Select Devices > All Devices.
- The All Devices pane in Intune in the Azure portal. Select Devices > All Devices.
After your Autopilot devices are enrolled, their names become the hostname of the device. By default, the hostname begins with DESKTOP-.
Supported BYO VPNs
Here is a list of VPN clients that are known to be tested and validated:
Supported clients:
- In-box Windows VPN client
- Cisco AnyConnect (Win32 client)
- Pulse Secure (Win32 client)
- GlobalProtect (Win32 client)
- Checkpoint (Win32 client)
- Citrix NetScaler (Win32 client)
- SonicWall (Win32 client)
Not supported clients:
- UWP-based VPN plug-ins
- Anything that requires a user cert
- DirectAccess
Create and assign an Autopilot deployment profile
Autopilot deployment profiles are used to configure the Autopilot devices.
- In the Microsoft Endpoint Manager admin center, select Devices > Windows > Windows enrollment > Deployment Profiles > Create Profile.
- On the Basics page, type a Name and optional Description.
- If you want all devices in the assigned groups to automatically convert to Autopilot, set Convert all targeted devices to Autopilot to Yes. All corporate owned, non-Autopilot devices in assigned groups will register with the Autopilot deployment service. Personally owned devices won't be converted to Autopilot. Allow 48 hours for the registration to be processed. When the device is unenrolled and reset, Autopilot will enroll it. After a device is registered in this way, disabling this option or removing the profile assignment won't remove the device from the Autopilot deployment service. You must instead remove the device directly.
- Select Next.
- On the Out-of-box experience (OOBE) page, for Deployment mode, select User-driven.
- In the Join to Azure AD as box, select Hybrid Azure AD joined.
- If you're deploying devices off of the organization's network using VPN support, set the Skip Domain Connectivity Check option to Yes. For more information, see User-driven mode for hybrid Azure Active Directory join with VPN support.
- Configure the remaining options on the Out-of-box experience (OOBE) page as needed.
- Select Next.
- On the Scope tags page, select scope tags for this profile.
- Select Next.
- On the Assignments page, select Select groups to include > search for and select the device group > Select.
- Select Next > Create.
It takes about 15 minutes for the device profile status to change from Not assigned to Assigning and, finally, to Assigned.
(Optional) Turn on the enrollment status page
- In the Microsoft Endpoint Manager admin center, select Devices > Windows > Windows enrollment > Enrollment Status Page.
- In the Enrollment Status Page pane, select Default > Settings.
- In the Show app and profile installation progress box, select Yes.
- Configure the other options as needed.
- Select Save.
Create and assign a Domain Join profile
- In the Microsoft Endpoint Manager admin center, select Devices > Configuration profiles > Create Profile.
- Enter the following properties:
- Name: Enter a descriptive name for the new profile.
- Description: Enter a description for the profile.
- Platform: Select Windows 10 and later.
- Profile type: Select Domain Join.
- Select Settings, and then provide a Computer name prefix, Domain name.
- (Optional) Provide an Organizational unit (OU) in DN format. Your options include:
- Provide an OU in which you've delegated control to the Windows Server 2016 (or later) computer that's running the Intune Connector.
- Provide an OU in which you've delegated control to the root computers in your on-premises Active Directory.
- If you leave this blank, the computer object will be created in the Active Directory default container (CN=Computers if you never changed it).
Here are some valid examples:
- OU=Level 1,OU=Level2,DC=contoso,DC=com
- OU=Mine,DC=contoso,DC=com
Here are some examples that aren't valid:
- CN=Computers,DC=contoso,DC=com (you can't specify a container; instead, leave the value blank to use the default for the domain)
- OU=Mine (you must specify the domain via the DC= attributes)
Note
Don't use quotation marks around the value in Organizational unit.
- Select OK > Create. The profile is created and displayed in the list.
- Assign a device profile to the same group used at the step Create a device group. Different groups can be used if there's a need to join devices to different domains or OUs.
Note
The naming capabilities for Windows Autopilot for Hybrid Azure AD Join do not support variables such as %SERIAL% and only support prefixes for the computer name.
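An added example (not from the Microsoft article) that checks a Domain Join profile's Organizational unit value against the valid and invalid forms listed above, and the Computer name prefix against the note on variables. The 15-character NetBIOS computer name limit is a general Windows fact; that the prefix must leave at least one character for the generated suffix is an assumption, and the comma-splitting of the DN ignores escaped commas for simplicity.

```python
import re

NETBIOS_MAX = 15  # NetBIOS computer names are limited to 15 characters

# One relative distinguished name component, e.g. "OU=Level 1" or "DC=contoso"
RDN_RE = re.compile(r"^(OU|DC|CN)=(.+)$", re.IGNORECASE)

def validate_ou(ou):
    """Return (ok, reason) for the profile's Organizational unit (OU) field."""
    value = (ou or "").strip()
    if value == "":
        # Blank is valid: the object lands in the domain's default container.
        return True, "blank: default container (CN=Computers) will be used"
    if value[0] in "'\"" or value[-1] in "'\"":
        return False, "don't use quotation marks around the value"
    kinds = []
    for part in value.split(","):  # simplification: escaped commas not handled
        match = RDN_RE.match(part.strip())
        if not match or not match.group(2).strip():
            return False, f"malformed component: {part.strip()!r}"
        kinds.append(match.group(1).upper())
    if kinds[0] == "CN":
        return False, "a container (CN=) can't be specified; leave blank for the default"
    n_ou = 0
    while n_ou < len(kinds) and kinds[n_ou] == "OU":
        n_ou += 1
    if n_ou == 0:
        return False, "value must start with at least one OU= component"
    if n_ou == len(kinds):
        return False, "the domain must be specified via DC= attributes"
    if any(kind != "DC" for kind in kinds[n_ou:]):
        return False, "only DC= components may follow the OU= components"
    return True, "ok"

def validate_name_prefix(prefix):
    """Return (ok, reason) for the Computer name prefix field."""
    if "%" in prefix:
        return False, "variables such as %SERIAL% aren't supported, only a fixed prefix"
    if not re.fullmatch(r"[A-Za-z0-9-]+", prefix):
        return False, "prefix may contain only letters, digits and hyphens"
    if len(prefix) >= NETBIOS_MAX:  # assumption: at least one generated character follows
        return False, f"prefix must be shorter than {NETBIOS_MAX} characters"
    return True, "ok"

def validate_domain_join_profile(prefix, ou):
    """Combine both checks; returns a list of problems (empty when the profile is valid)."""
    problems = []
    for label, (ok, reason) in (("prefix", validate_name_prefix(prefix)),
                                ("ou", validate_ou(ou))):
        if not ok:
            problems.append(f"{label}: {reason}")
    return problems
```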
Next steps
After you configure Windows Autopilot, learn how to manage those devices. For more information, see What is Microsoft Intune device management?.
Hybrid cloud combines and unifies public cloud and private cloud services from multiple cloud vendors to create a single, flexible, cost-optimal IT infrastructure.
What is hybrid cloud?
Hybrid cloud is IT infrastructure that connects at least one public cloud and at least one private cloud, and provides orchestration, management and application portability between them to create a single, flexible, optimal cloud environment for running a company’s computing workloads.
Hybrid multicloud is a hybrid cloud infrastructure that includes more than one public cloud from more than one cloud service provider.
By enabling a company to
- combine best-of-breed cloud services and functionality from multiple cloud computing vendors
- choose the optimal cloud computing environment for each workload, and
- move workloads freely between public and private cloud as circumstances change
hybrid cloud (and particularly hybrid multicloud) helps a company achieve its technical and business objectives more effectively and cost-efficiently than public cloud or private cloud alone. In fact, according to one recent study, companies derive up to 2.5x the value from hybrid cloud compared with a single-cloud, single-vendor approach.
How does hybrid cloud work?
Traditional hybrid cloud architecture
Initially, hybrid cloud architecture focused on the mechanics of transforming portions of a company's on-premises data center into private cloud infrastructure, and then connecting that infrastructure to public cloud environments hosted off-premises by a public cloud provider (e.g. AWS, Google Cloud Services, IBM Cloud, Microsoft Azure). This was accomplished using a prepackaged hybrid cloud solution such as Red Hat OpenStack, or by using sophisticated enterprise middleware to integrate cloud resources across the environments together with unified management tools for monitoring, allocating and managing those resources from a central console or 'single pane of glass.'
The result was unified IT infrastructure well-suited to several use cases:
- Security and regulatory compliance: Reserve behind-the-firewall private cloud resources for sensitive data and highly regulated workloads, and use more economical public cloud resources for less-sensitive workloads and data.
- Scalability and resilience: Use public cloud compute and cloud storage resources to scale up quickly, automatically and inexpensively in response to unplanned spikes in traffic without impacting private cloud workloads (this is called 'cloudbursting').
- Rapid adoption of new technology: Adopt or switch to the latest software-as-a-service (SaaS) solution, and even integrate those solutions into existing applications, without provisioning new on-premises infrastructure.
- Enhancing legacy applications: Use public cloud services to improve the user experience of existing apps or to extend them to new devices.
- VMware migration: 'Lift and shift' existing on-premises workloads to virtualized public cloud infrastructure to reduce the on-premises data center footprint and scale as needed without additional capital equipment investment.
- Resource optimization and cost savings: Run workloads with predictable capacity on private cloud and migrate more variable workloads to public cloud; use public cloud infrastructure to quickly 'spin up' development and test resources as needed.
Modern hybrid cloud architecture
Today, hybrid cloud architecture is focused less on physical connectivity, and more on supporting the portability of workloads across all cloud environments, and on automating the deployment of those workloads to the best cloud environment for a given business purpose.
Several trends are driving this shift.
As part of the next critical step in their digital transformations, organizations are building new applications and modernizing legacy applications to leverage cloud-native technologies: technologies that enable consistent and reliable development, deployment, management and performance across cloud environments and across cloud vendors.
Specifically, they're building or transforming applications to use microservices architecture, which breaks applications into smaller, loosely coupled, reusable components focused on specific business functions. And they're deploying these applications in containers, lightweight executable units that contain only the application code and the virtualized operating system dependencies required to run it.
At a higher level, public and private cloud are no longer physical 'locations' to connect. For example, many cloud vendors now offer public cloud services that run in their customers' on-premises data centers; private clouds, once run exclusively on-premises, are now often hosted in off-premises data centers, on virtual private networks (VPNs) or virtual private clouds (VPCs), or on dedicated infrastructure rented from third-party providers (who are sometimes public cloud providers).
What’s more, infrastructure virtualization – also called infrastructure as code - lets developers create these environments on demand using any compute resources or cloud resources located behind or beyond the firewall. This takes on added importance with the advent of edge computing, which offers opportunities to improve global application performance by moving workloads and data closer to where the actual computing gets done.
As a result of these and other factors, modern hybrid cloud infrastructure is starting to coalesce around a unified hybrid multicloud platform that includes:
- Support for cloud-native application development and deployment across all cloud types (public and private) and cloud providers
- A single operating system across all environments
- A container orchestration platform - typically Kubernetes - that automates the deployment of applications across cloud environments.
Cloud-native development lets developers transform monolithic applications into units of business-focused functionality that can be run anywhere and reused within a variety of applications. A standard operating system lets developers build any hardware dependency into any container. And Kubernetes orchestration and automation gives developers granular, set-it-and-forget-it control over container configuration and deployment - including security, load balancing, scalability and more - across multiple cloud environments.
Benefits of a unified hybrid cloud platform
A unified hybrid cloud strategy is still in its 'early adopter' phase; in a recent survey, 13 percent of organizations reported they were actively using a multicloud management platform. But these organizations are already realizing significant benefits, including:
- Improved developer productivity: A unified hybrid cloud platform can help expand adoption of Agile and DevOps methodologies, and enable development teams to develop once and deploy to all clouds.
- Greater infrastructure efficiency: With more granular control over resources, development and IT operations teams can optimize spend across public cloud services, private clouds, and cloud vendors. Hybrid cloud also helps companies avoid more of the technical debt of on-premises infrastructure by migrating legacy applications faster.
- Improved regulatory compliance and security: A unified platform lets an organization draw on best-of-breed cloud security and regulatory compliance technologies and implement security and compliance across all environments in a consistent way.
- Overall business acceleration: This includes shorter product development cycles; accelerated innovation and time-to-market; faster response to customer feedback; faster delivery of applications closer to the client (e.g., edge ecommerce); and faster integration and combination with partners or third parties to deliver new products and services.
Hybrid cloud and IBM
IBM Cloud hybrid cloud solutions deliver flexibility and portability for both applications and data. Linux, Kubernetes and containers support the hybrid cloud stack and combine with Red Hat OpenShift to create a common platform connecting on-premises and cloud resources.
About the Author
Sai Vennam is a Developer Advocate at IBM with expertise on Kubernetes, OpenShift, and managed cloud offerings. He’s passionate about connecting developers with technology that allows them to be successful. As a hobby, he works on his home automation using Raspberry Pis and serverless technology.
Twitter: @birdsaiview
Blogs: https://www.ibm.com/cloud/blog/sai-vennam