I was wondering if it was ever considered to use the Cloud Management Gateway as a proxy for the HAADJ? Not to operate as a DC, but to proxy the domain join “blob” between the internal DC and the offsite devices.

I expect that there may be some additional infrastructure, such as SCEP, but I’m wondering if that may be a possible alternative in the future.

I’m not sure what considerations may be involved that would invalidate this, but I’m curious as to its viability. I know it won’t do this now.