Forum Discussion
Connect only local network connected computers to Intune ?
Hi,
If a company has a bunch of computers that aren´t allowed to reach the internet, what is the best way to Intune enroll them ?
They are AD joined today, and we are going to install azure ad connect.
Is it possible that these computer will be hybrid azure joined with the rest of the computers (that has internet connection) or do we need to handle them in another way ?
Thanks in advance!
- Via proxy or firewall is opening internet 😉 If you open the URLs from the link I shared, you should be good to go I guess,,. A proxy could be used, but not in Autopilot scenarios. Hybrid Join could be used with a proxy, but Hybrid Azure AD Join is something that I wouldn't recommend. Only if you really have to, Azure AD Joined devices can access Fileservers in your environment too without being Hybrid Joined to Azure AD and Active Directory. See https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust?tabs=intune
9 Replies
- The devices need access to the internet to be managed, see https://learn.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints. Also, the device needs access to Azure AD.
What's the point of enrolling them into Intune if they can't be managedHi,
The point is to be able to use an Intunes-enrolled device in a poor internet environment (example: industrial plants).
In Intunes, is there a way to keep it working, that is, accessing a local resource,
when the device does not have an internet signal, does it switch to a local access point?- Intune, not Intunes 😉 You can use an Intune enrolled (Entra ID joined, or Hybrid joined to both Active Directory and Entria ID) device without internet access, no problem. If they are Hybrid Joined, they can continue accessing local resources like File Shares. If they are Entra ID joined, then you could use Kerberos Trust to access local resources for a while, but you will need internet access to keep that going.
But joining clients to Intune and then continuing to use those clients without internet access seems weird because you can't manage them anymore. Doesn't that defeat the whole point of joining them to Intune?!
Do you mean the client is connected to an AP without internet access when using Local AP?
I have read somewhere that it might be possible to Intune them without internet, that it is possible via proxy or firewallopenings etc.
They are AD joined today and we want them to be hybrid joined and managed via Intune.
Is that possible through some proxy or any other way ?
- Via proxy or firewall is opening internet 😉 If you open the URLs from the link I shared, you should be good to go I guess,,. A proxy could be used, but not in Autopilot scenarios. Hybrid Join could be used with a proxy, but Hybrid Azure AD Join is something that I wouldn't recommend. Only if you really have to, Azure AD Joined devices can access Fileservers in your environment too without being Hybrid Joined to Azure AD and Active Directory. See https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust?tabs=intune
