Spivak 4 days ago

I think you're being generous if you think the average "cloud native" company is joining their servers to a domain at all. They've certainly fallen out of fashion in favor of the servers being dumb and user access being mediated by an outside system.

bravetraveler 4 days ago | parent | next [-]

Why not? The actual clouds do.

I think folks are being facetious wanting more for 'free'. The solutions have been available for literal decades, I was deliberate in my choice.

Not the average, certainly the majority where I've worked. There are at least two well-known Clouds that enroll their hypervisors to a domain. I'll let you guess which.

My point is, the difficulty is chosen... and 'No choice is a choice'. I don't care which, that's not my concern. The domain is one of those external things you can choose. Not just some VC toy. I won't stop you.

The devices are already managed; you've deployed them to your fleet.

No need to be so generous to their feigned incompetence. Want an internal CA? Managing that's the price. Good news: they buy!

Don't complain to me about 'your' choices. Self-selected problem if I've heard one.

Aside from all of this, if your org is being hung up on enrollment... I'm not sure you're ready for key management. Or the other work being a CA actually requires.

Yes, it's more work. Such is life and adding requirements. Trends - again, for decades - show organizations are generally able to manage with something.

Literal Clouds do this, why can't 'you'?

Spivak 3 days ago | parent [-]

Adding machines to a domain is far, far more common on bare-metal deployments, which is why I said "cloud native." Adding a bunch of cloud VMs to a domain is not very common in my experience because they're designed to be ephemeral and thrown away, and IPA being stateful isn't about that.

You're managing your machine deployments with something, so of course you just use that to include your cert, which isn't particularly hard, but there's a long tail of annoying work when dealing with containers and VMs you aren't building yourself, like k8s node pools. It can be done, but it's usually less effort to just get public certs for everything.

bravetraveler 3 days ago | parent [-]

To be honest, with "cloud-init" and the ability for SSSD to send record updates, I could make a worthwhile cloudy deployment.

To your point, people don't, but it's a perfectly viable path.

Containers/kubernetes, that's pipeline city, baby!
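What the cloud-init plus SSSD path sketched in the comment above looks like in practice, as an added example that is not from either poster: a cloud-config that enrolls a freshly booted VM into a FreeIPA domain and lets SSSD keep the host's DNS records current. The domain `example.internal`, realm `EXAMPLE.INTERNAL`, server `ipa1.example.internal`, the hostname and the placeholder password are all assumptions; the `ipa-client-install` flags and SSSD options are real ones, and the IPA package name varies by distribution.

```yaml
#cloud-config
# Added example (not from the thread). Enroll a new VM into FreeIPA on first
# boot and have SSSD register and refresh the host's A/PTR records itself.
# Domain, realm, server, hostname and the password below are assumptions.

# Every instance needs a unique FQDN; two VMs sharing a name would fight over
# the same DNS record once SSSD starts updating it.
fqdn: web-0a1b2c.example.internal
hostname: web-0a1b2c
preserve_hostname: false

package_update: true
packages:
  - ipa-client        # package is named freeipa-client on Debian/Ubuntu

write_files:
  # Per-host one-time enrollment password, pre-created on an IPA server with
  #   ipa host-add web-0a1b2c.example.internal --random
  # and injected into this user-data at launch. It is consumed on first use,
  # so someone who later reads the instance metadata cannot replay it to
  # enroll a second, attacker-controlled host. The weak variant is a shared,
  # long-lived enrollment credential baked into every image or user-data.
  - path: /run/ipa-otp
    permissions: '0600'
    content: "PLACEHOLDER_ONE_TIME_PASSWORD"

runcmd:
  # --enable-dns-updates writes dyndns_update = True into the
  # [domain/example.internal] section of /etc/sssd/sssd.conf, so SSSD sends
  # the DNS update itself rather than relying on a static record.
  - >
    ipa-client-install --unattended
    --domain example.internal
    --realm EXAMPLE.INTERNAL
    --server ipa1.example.internal
    --hostname "$(hostname -f)"
    --password "$(cat /run/ipa-otp)"
    --enable-dns-updates
    --mkhomedir
  # The OTP is spent; remove the copy on disk anyway.
  - shred -u /run/ipa-otp
```

Two caveats a practitioner will hit. First, if instances can change address during their life, add `dyndns_refresh_interval` to the SSSD domain section so the record is re-sent periodically instead of only at start-up. Second, this solves enrollment but not the statefulness problem raised above: when the cloud reaps the instance, nothing runs `ipa-client-install --uninstall`, so the host entry, its keytab principal and its DNS records linger on the server. Pair the config with a server-side job that compares IPA's host list against the cloud inventory and runs `ipa host-del --updatedns` for hosts that no longer exist.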
