Forum Discussion

RussMeyer-Epik's avatar
RussMeyer-Epik
Copper Contributor
Apr 07, 2023

AzureAD Joined Device and onprem w/ PIN

I am working on a scenario where we want to move to Azure ADDS, we still have some need for LDAP/S, Unix, etc but want on prem to go away. Endpoints are already azure AD Joined to the 365 Tenant. Tenant is insync with onprem w/ Azure AD Connect w/ password hash as well...

 

here is where it gets fun...endpoint with password login has no problem accessing onprem file server, but as you know Azure Join Devices force pin enrollment and default to it. When user logs in with PIN, I get cred prompt...eventually this box will goto azure, but I suspect this will occur when it gets out there also...

 

I have attempted AzureAdKerberosServer, oneway trust with AADDS/Local and domain certificate avenue, no love...has anyone gone down this rabbit hole?

Resources