
It seems that many people have a beef with MS for forcing Windows Hello for Business onto machines where they are joined to Azure AD – as per. It can be disabled via Intune… but what if you don’t have Intune – and can’t manage the device until it’s enrolled with your 3rd party solution – after the user has been forcibly enrolled into WHfB?

The main reason is SSO for on-premises resources. If you have a hybrid environment and Azure AD joined machines sometimes come into the corporate network or VPN in – you don’t want them to get prompted every time they try to access a resource. This can be achieved with WHfB – but is not the simplest thing to set up. Azure AD SSO to on-premises resources “just works” with a few caveats – as per this horrendously badly written MS doc – I have queried the statement “Azure AD joined devices have no knowledge about your on-premises AD environment because they aren’t joined to it. However, you can provide additional information about your on-premises AD to these devices with Azure AD Connect.” with MS support – but they don’t seem to see anything wrong with the implication that additional information is required, but not specifying what that additional information is anywhere.

While there is no easy way to un-enroll your users from WHfB, you can set password as the default logon option – which will make your SSO journey much simpler… then you can work in the background on getting WHfB SSO going. In short, loop through each SID listed under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\UserTile and set the value to

Password logons will then become default for each user.

It feels like I’ve written this blog before – many times actually. But given the amount of interest recently, it’s time to cover the topic again: How to troubleshoot Windows Autopilot Hybrid Azure AD Join. This process involves the following steps:
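The per-SID change under LogonUI\UserTile described above, as an added PowerShell example that is not from the original post. The post does not state the value to write; the password credential provider CLSID used here, and the assumption that each user SID appears as a value name under that key, are mine.

```powershell
# Added example, not from the original post. Sets each user's default sign-in
# tile under LogonUI\UserTile to a given credential provider, records the
# previous value so the change can be reverted, and supports -WhatIf.
# Assumptions: each user SID appears as a value name under the key, and the
# password credential provider CLSID below is the correct one.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed CLSID of the built-in password credential provider.
    [string]$ProviderClsid = '{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}',
    # Where to save the before/after record for rollback.
    [string]$BackupPath = "$env:ProgramData\UserTile-backup.csv"
)

$base = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\UserTile'
if (-not (Test-Path -Path $base)) {
    throw "Registry key not found: $base"
}
$key = Get-Item -Path $base

$results = foreach ($name in $key.GetValueNames()) {
    # Only touch real domain/local user SIDs; skip anything else under the key.
    if ($name -notmatch '^S-1-5-21-') { continue }
    $before  = [string]$key.GetValue($name)
    $changed = $false
    if ($before -ne $ProviderClsid -and
        $PSCmdlet.ShouldProcess($name, "Set default tile to $ProviderClsid")) {
        Set-ItemProperty -Path $base -Name $name -Value $ProviderClsid
        $changed = $true
    }
    [pscustomobject]@{ Sid = $name; Before = $before; Changed = $changed }
}

# Keep the old provider per SID so a single user can be switched back later.
$results | Export-Csv -Path $BackupPath -NoTypeInformation
$results | Format-Table -AutoSize
```

Run it elevated; `-WhatIf` lists the SIDs that would change without writing anything.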
