After some campaigning and some quick work from the ConfigMgr team for the ConfigMgr tech preview 1802 release, you can now use non-OSD task sequences, such as those that install apps or perform feature updates, even for internet-connected (and Azure AD-joined) devices. See https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1802#windows-10-in-place-upgrade-task-sequence-via-cloud-management-gateway for more details.
Here’s a snapshot of what that looks like, first showing an internet-connected client (connecting through the ConfigMgr cloud management gateway) running the TP1802 client (build 8627):
And then the view in Software Center:
where you can see the task sequence named “Non-OSD Task Sequence” (just to be clear, that’s what I named it). And all I had to do to get that to show up (after setting up the cloud management gateway and installing TP1802) is to check the “Allow task sequences to run for client on the internet” box:
And if you look back at the Software Center picture above, you can also see another new feature in TP1802 too: It’s showing apps that target users, even on this Azure AD-joined device. That feature is described at https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1802#use-software-center-to-browse-and-install-user-available-applications-on-azure-ad-joined-devices.
So in a short period of time, ConfigMgr has gained some important new capabilities for Azure AD-joined devices, which will be very useful for Windows AutoPilot deployments.