Forum Discussion
AzureAD Joined Device and onprem w/ PIN
I am working on a scenario where we want to move to Azure AD DS; we still have some need for LDAP/S, Unix, etc., but want on-prem to go away. Endpoints are already Azure AD joined to the 365 tenant. The tenant is in sync with on-prem via Azure AD Connect with password hash sync as well...
Here is where it gets fun... an endpoint with password login has no problem accessing the on-prem file server, but as you know Azure AD joined devices force PIN enrollment and default to it. When the user logs in with the PIN, I get a credential prompt... eventually this box will go to Azure, but I suspect this will occur when it gets out there also...
I have attempted AzureADKerberosServer, a one-way trust with AADDS/local, and the domain certificate avenue, no love... has anyone gone down this rabbit hole?
Where is your IAM? On-prem or Cloud?
- RussMeyer-EpikCopper Contributor
On-prem for now... future state will ideally be AADDS.
- RussMeyer-Epik Copper Contributor
So actually, got it to work... AzureADKerberos object via PowerShell, then a custom item via Intune...
https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision
Now on to the next fun... getting the same Azure AD joined device/user to access a server that is joined to Azure AD DS... can't do Azure DC Kerberos there.
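The two steps the reply above mentions (the AzureADKerberos object created with PowerShell, then a custom Intune setting that turns on cloud Kerberos trust) are spelled out in the added example below. It is not code from the poster or from Microsoft's page; it follows the linked Microsoft doc and uses the AzureADHybridAuthenticationManagement module cmdlets. The domain name, admin UPN and tenant ID are placeholders you must replace.

```powershell
# Added example: Windows Hello for Business cloud Kerberos trust setup.
# Placeholders (replace with your values):
#   corp.example.com                      -> on-prem AD DNS domain
#   admin@contoso.onmicrosoft.com         -> Azure AD admin UPN (Global or Hybrid Identity Admin)
#   00000000-0000-0000-0000-000000000000  -> Azure AD tenant ID

# --- Step 1: create the AzureADKerberos server object in on-prem AD ---------
# Run from a domain-joined machine as a Domain Admin. This creates a read-only
# DC-like object plus a dedicated krbtgt_AzureAD account whose key Azure AD uses
# to issue partial TGTs to devices that signed in with a Hello PIN.
Install-Module -Name AzureADHybridAuthenticationManagement -AllowClobber -Scope CurrentUser

$domain            = "corp.example.com"
$userPrincipalName = "admin@contoso.onmicrosoft.com"   # interactive sign-in, MFA-capable
$domainCred        = Get-Credential -Message "On-prem Domain Admin credential"

Set-AzureADKerberosServer -Domain $domain `
    -UserPrincipalName $userPrincipalName `
    -DomainCredential $domainCred

# Verify: the object should show both a cloud and an on-prem display name and
# matching KeyVersion / CloudKeyVersion values.
Get-AzureADKerberosServer -Domain $domain `
    -UserPrincipalName $userPrincipalName `
    -DomainCredential $domainCred

# Defender's note: this krbtgt_AzureAD key is as sensitive as the domain krbtgt.
# Rotate it on a schedule (Microsoft recommends regular rotation) with:
# Set-AzureADKerberosServer -Domain $domain -UserPrincipalName $userPrincipalName `
#     -DomainCredential $domainCred -RotateServerKey

# --- Step 2: Intune custom OMA-URI that enables cloud trust on the device ---
# Built here so the exact URI can be pasted into the Intune custom profile:
# Devices > Configuration profiles > Windows 10 and later > Templates > Custom.
$tenantId = "00000000-0000-0000-0000-000000000000"
$omaUri   = "./Device/Vendor/MSFT/PassportForWork/$tenantId/Policies/UseCloudTrustForOnPremAuth"
Write-Host "OMA-URI : $omaUri"
Write-Host "Data type: Boolean   Value: True"

# --- Step 3: verify on an Azure AD joined client after a PIN sign-in --------
# The device needs network line of sight to an on-prem DC for the TGT exchange.
dsregcmd /status        # under "SSO State" look for: OnPremTgt : YES
klist cloud_debug       # shows the cloud Kerberos ticket state
klist                   # a krbtgt/CORP.EXAMPLE.COM ticket should now be present
```

The Intune setting has to reach the device and the user must sign out and back in with the PIN before `OnPremTgt` flips to YES; if it stays NO, check DC reachability first, then that the object from step 1 exists in the domain.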