We have been using Office 365 and Windows Intune for a few years, fully cloud based, no directory sync. Never had a local domain environment. We've now got about 20 lab servers, and 10 more on the way, and now our users are going to be logging in via RDP a LOT, and we obviously should have a local domain which syncs down our existing Azure AD users, groups, and passwords. In the past, the tools were generally designed to push UP to Azure AD, but I'm hoping that our objective is now supported.
Question 1, Is that a supported use case?
If so, I've built lots of domains from scratch in the past, but have never done DirSync or ADFS, so I don't know the nuances of the attributes, OU's, Groups, Directions, Etc. Read plenty of horror stories.
Question 2, Are there any document providing guidance for our specific situation?
Question 3, Is there a way to do this where I don't have to create/modify a bunch of custom attributes?
Question 4, Can we continue to just administer users via our existing Office 365 processes, or will we be forced to start using the local AD tools for managing users once we enable sync?
Notes: We use Intune to manage devices for a large mobile workforce. We are interested in workplace join as well, don't know if that's a factor on how we would configure this.
