I would like to setup Single Sign On for Minecraft Edu. Is Hybrid join enough or do devices need to be full AAD join? Devices are currently on prem domain joined. Also, what could be the impact of enabling/enforcing Hybrid join?

I am a bit new to AAD, but am I also correct that the device does not need to be enrolled into Intune (we currently deploy Minecraft via SCCM or Store).

Many thanks.