How to set up Hybrid Entra ID Join Autopilot devices with VPN when the user is not in the office
Dear Team,
We need to set up Autopilot with Hybrid Entra ID join over VPN; in this case, the user will be in a remote location other than the office network.
My plan - Use Hybrid Entra ID Join with the Cisco VPN client installed during provisioning as a Win32 app included in the ESP page. Cisco VPN has a feature called SBL (Start Before Login) that will allow the user to sign in with AD credentials. Also, we will set up the Intune AD connector.
Configuration policies, like BitLocker, domain join, and Windows edition upgrade (if needed), will be pushed from Intune.
Compliance policies will be set up as part of this setup.
For testing purposes, we can do it on the OEM-optimized Windows image that comes from the vendor.
Queries-
1- Does this plan look good, or does anything else need to be covered? Would I need any certificates for the VPN client to be included as part of a configuration policy?
2- Also, I was going through the article below, which says the join to on-prem AD takes time and asks you to follow their steps for that; however, my query is, when the user is on VPN, how will this work? Please suggest whether this can be utilized.
https://joymalya.com/autopilot-hybrid-azure-ad-join-reworked-with-joy/
3- Please suggest any configuration profiles that can be used as a best practice for a first-time Hybrid Entra Join Autopilot setup.
Let me know if you have any other thoughts around it.
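As an added example for whoever tests this plan (it is not from the original post, nor Microsoft's or Cisco's code): a PowerShell check to run on a provisioned test device, over the VPN, to confirm that the hybrid join actually finished and that a domain controller is reachable through the tunnel. It relies only on the built-in dsregcmd, nltest and Test-NetConnection; the domain name corp.example.com is a placeholder to replace with your own AD domain.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session on a
# test device after Autopilot has finished (or while connected over the VPN) to confirm
# that the hybrid join completed and that a domain controller is reachable through the
# tunnel. "corp.example.com" is a placeholder for the on-prem AD domain.

function Get-DsregStatus {
    # dsregcmd /status prints "Key : Value" lines grouped under "+---" section headers.
    # Collect them into a hashtable; a key that repeats in a later section overwrites the earlier one.
    $fields = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*?)\s*$') {
            $fields[$matches[1]] = $matches[2]
        }
    }
    return $fields
}

function Test-HybridJoinReadiness {
    param(
        [string]$DomainFqdn = "corp.example.com"   # assumption: replace with your AD domain
    )

    $f = Get-DsregStatus

    # Hybrid Entra ID join means the machine is BOTH domain joined and Entra ID joined.
    # DomainJoined=YES with AzureAdJoined=NO usually means the computer object has not yet been
    # synced by Entra Connect, or the device could not reach the device registration endpoints.
    $hybridJoined = ($f['DomainJoined'] -eq 'YES') -and ($f['AzureAdJoined'] -eq 'YES')

    # Locate a DC. nltest exits non-zero when no DC can be found (VPN not up yet, DNS not
    # resolving the internal domain), which is exactly the failure a remote Autopilot run hits.
    $dcOutput = & nltest /dsgetdc:$DomainFqdn 2>&1
    $dcFound  = ($LASTEXITCODE -eq 0)
    $dcName   = $null
    if ($dcFound) {
        $dcLine = $dcOutput | Where-Object { $_ -match '^\s*DC:\s*\\\\\S+' } | Select-Object -First 1
        if ($dcLine -match '\\\\(\S+)') { $dcName = $matches[1] }
    }

    # LDAP (389) and Kerberos (88) must be allowed through the VPN for the join and the
    # first AD sign-in to work; test them explicitly rather than trusting a ping.
    $ldapOk = $false
    $kerbOk = $false
    if ($dcName) {
        $ldapOk = (Test-NetConnection -ComputerName $dcName -Port 389 -WarningAction SilentlyContinue).TcpTestSucceeded
        $kerbOk = (Test-NetConnection -ComputerName $dcName -Port 88  -WarningAction SilentlyContinue).TcpTestSucceeded
    }

    [pscustomobject]@{
        DomainJoined      = $f['DomainJoined']
        AzureAdJoined     = $f['AzureAdJoined']
        DomainName        = $f['DomainName']
        DeviceId          = $f['DeviceId']
        AzureAdPrt        = $f['AzureAdPrt']   # only meaningful after a user has signed in
        HybridJoined      = $hybridJoined
        DcFound           = $dcFound
        DcName            = $dcName
        LdapReachable     = $ldapOk
        KerberosReachable = $kerbOk
    }
}

Test-HybridJoinReadiness -DomainFqdn "corp.example.com" | Format-List
```

If DcFound is false while the VPN is connected, the problem is name resolution or tunnel routing to the DC, not Autopilot itself; if DomainJoined is YES but AzureAdJoined stays NO, the device is waiting on the Entra Connect sync of its computer object, which is the delay the linked article is working around.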