I posted this over on r/intune, but wanted to get Spiceworks' thoughts, as well:
Hi all, K-12 admin here. Over our summer break, I started enrolling our teachers' and students' laptops in Intune by applying the auto-enroll GPO to existing devices in Active Directory. This is working great for Intune, so I thought to set up Autopilot with an Active Directory domain-join profile for our new devices coming in. While this Autopilot deployment "works" in practicality, I'm finding more cons than pros with this setup method, mostly surrounding the time it takes to get to the desktop experience and app installation. I'd love to go full Azure AD, but currently need line-of-sight to a DC for one application - Fortinet FortiClient EMS (which I'm finding now has an Azure AD connector for v7). My ultimate goal is to transition to Defender, but I'm...