We recently took over a new client who was using an expensive third-party file sync for shared files and personal user files. We want to migrate them to SharePoint / OneDrive (they already use O365 for Exchange/Office apps). We would like to control access to SharePoint via Azure Conditional Access to grant access to only domain-joined devices. The on-premises AD is domain1.local. The Office 365 domain is domain2.com. I do not care about having to manage 2 sets of user accounts and passwords. Local AD is running on a Server 2012 R2 domain controller.
I configured Azure AD Connect on the local domain controller and synchronized with Azure. I successfully joined a computer to the domain. It then synced to Azure and is listed in devices as a Hybrid AD joined device. However, when I try to access SharePoint online, I'm still getting denied access with the error that the device must be domain joined. dsregcmd /status shows that the device is AzureADJoined.
Is it possible to have a hybrid domain with the local AD as domain1.local and domain2.com as the Azure domain? We use SharePoint for a document library and have no issue requiring a separate sign-in to access it either via a browser or the OneDrive for Business app.
If it is not possible to do this, what is the easiest way to change the local domain from domain1.local to domain2.com? It would not be prohibitively awful to simply create a new local domain, but we'd like to avoid it if at all possible.
As I'm new to Azure, if you have any thoughts that I'm likely missing, please don't hesitate to chime in.
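Added example, not part of the original question: a small PowerShell check that parses `dsregcmd /status` and reports whether a device satisfies the Conditional Access "Require Hybrid Azure AD joined device" control. That control is met only when the device reports both `DomainJoined : YES` and `AzureAdJoined : YES`; a device that shows `AzureAdJoined : YES` alone (an Azure AD joined device, not a hybrid joined one) is still blocked. The function names `Get-DsregState` and `Test-HybridJoin` are my own, and the regex assumes the `Key : Value` layout that `dsregcmd /status` prints on current Windows 10/Server builds. Run it in an elevated PowerShell prompt on the device that is being denied.

```powershell
# Added example (not from the original post): parse `dsregcmd /status` and report
# whether the device meets the Conditional Access hybrid-join requirement, which
# needs BOTH DomainJoined and AzureAdJoined to be YES.

function Get-DsregState {
    param(
        # Accepts captured output for offline review; defaults to the live command.
        [string[]]$StatusLines = (& dsregcmd.exe /status)
    )

    $state = @{}
    foreach ($line in $StatusLines) {
        # Lines of interest look like "    AzureAdJoined : YES"
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.+?)\s*$') {
            $state[$matches[1]] = $matches[2]
        }
    }
    return $state
}

function Test-HybridJoin {
    param([hashtable]$State)

    $domainJoined  = $State['DomainJoined']  -eq 'YES'
    $azureAdJoined = $State['AzureAdJoined'] -eq 'YES'

    [pscustomobject]@{
        DomainJoined  = $domainJoined
        AzureAdJoined = $azureAdJoined
        HybridJoined  = ($domainJoined -and $azureAdJoined)
        DomainName    = $State['DomainName']   # on-prem domain the device is joined to
        TenantName    = $State['TenantName']   # Azure AD tenant the device registered with
        DeviceId      = $State['DeviceId']     # should match the device object in Azure AD
    }
}

$result = Test-HybridJoin -State (Get-DsregState)
$result | Format-List

if (-not $result.HybridJoined) {
    Write-Warning "Device is not hybrid Azure AD joined; see DomainJoined/AzureAdJoined above."
}
```

If `HybridJoined` is true but SharePoint still denies access, compare `DeviceId` and `TenantName` with the device object shown in the Azure portal and confirm the user signing in is the synced account rather than a cloud-only one, since the policy is evaluated against the signed-in user's device token as well as the device state.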