Forum Discussion

notesguru99
Brass Contributor
Aug 20, 2021

Do I need to do a domain join to avoid multiple logins?

Hi,

We are just starting with InTune and using AutoPilot; however, I see that by default these new computers do not appear in the local, on-prem Active Directory. This means that when staff rock up at the office, they log in to their laptop but they are not on the domain, so if they try to access a network share or a network app they are prompted to sign in, constantly in some cases!

So, my question is this: we have a lot of legacy apps, we can't move fully to Azure just yet, and we need staff working in the office on certain software, so do we make these new AutoPilot computers hybrid domain-joined devices to get around this network prompt? Also, when we do this, will it rename the computer account? I see it assigns a random 15-character code as the machine name, but it isn't clear if it actually renames the computer itself or just makes this a reference in AD. Any help much appreciated.

TIA

Stuart

3 Replies

  • karthikajoy
    Copper Contributor

    Hi notesguru99, good afternoon,

    1) I would like you to go through the below link for hybrid identity: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity

    Pass-through Authentication scenarios will help you sync user accounts to AAD, with AAD Connect responsible for authentication.

    2) You can set a hostname policy in Autopilot, so this will avoid the random names for the device. This will be helpful for you.

    Ex:

    • Device naming pattern
    • %SERIAL%
    • %RAND:x% (where x is the number of digits)

  • Hi,

    I would skip HAADJ 🙂 ... If it's possible to skip it, I would. It depends on multiple factors... If the legacy apps are just files sitting on a share... no problem, that will work.

    You will need to make sure you have Azure AD Connect installed, as this is necessary for the SSO from your AADJ devices to your on-premises servers.

    I have done a huge blog on this topic... If you have any questions about it, please send me an email!

    https://call4cloud.nl/2021/03/deliver-us-from-hybrid/

  • There are ways to get SSO to on-prem resources on an Azure AD joined device. See this link:

    https://docs.microsoft.com/en-us/azure/active-directory/devices/azuread-join-sso

    However, if you want to go Hybrid then yes, you'll need to set up Device Registration in Azure AD Connect in your on-premises forest, and Hybrid Autopilot with the Intune Connector for Active Directory.

    https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid
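The replies above hinge on what join state a device is actually in (Azure AD joined only, hybrid joined, or just domain joined) and whether it holds a Primary Refresh Token, which is what the Azure AD joined SSO path to on-prem resources relies on. The following is an added example, not code from the thread or from Microsoft, that parses the output of the built-in `dsregcmd /status` command into a small report. It assumes the standard `Name : Value` layout of that output and the field names `AzureAdJoined`, `DomainJoined`, `AzureAdPrt`, `DeviceId` and `TenantName`; the sample text at the bottom is constructed so the function can be exercised without running the command.

```powershell
# Added example (not from the thread): summarise a Windows device's join state
# from `dsregcmd /status` output. Assumed field names: AzureAdJoined,
# DomainJoined, AzureAdPrt, DeviceId, TenantName.

function Get-DeviceJoinState {
    [CmdletBinding()]
    param(
        # Raw dsregcmd output. Defaults to running the command on this device;
        # pass captured text to evaluate a report offline.
        [string[]]$StatusText = (& dsregcmd.exe /status)
    )

    $fields = @{}
    foreach ($line in $StatusText) {
        # dsregcmd prints "Name : Value" pairs with variable leading whitespace
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.+?)\s*$') {
            $fields[$matches[1]] = $matches[2]
        }
    }

    $azureAd = $fields['AzureAdJoined'] -eq 'YES'
    $domain  = $fields['DomainJoined']  -eq 'YES'
    $prt     = $fields['AzureAdPrt']    -eq 'YES'

    $mode = if ($azureAd -and $domain) { 'Hybrid Azure AD joined' }
            elseif ($azureAd)          { 'Azure AD joined' }
            elseif ($domain)           { 'Domain joined only' }
            else                       { 'Not joined (workgroup or registered only)' }

    [pscustomobject]@{
        JoinMode      = $mode
        AzureAdJoined = $azureAd
        DomainJoined  = $domain
        HasPrt        = $prt
        DeviceId      = $fields['DeviceId']
        TenantName    = $fields['TenantName']
    }
}

# Constructed sample output for an Azure AD joined (not hybrid) device, so the
# function can be tried without running dsregcmd. The DeviceId is a placeholder.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                  DeviceId : 00000000-0000-0000-0000-000000000000
                TenantName : Contoso

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : YES
'@ -split "`r?`n"

Get-DeviceJoinState -StatusText $sample | Format-List

# On a live device, simply call Get-DeviceJoinState with no arguments.
```

A device that reports `Azure AD joined` with `HasPrt` true is the case the second and third replies describe: with Azure AD Connect syncing the users and line of sight to a domain controller, it can obtain Kerberos tickets for on-prem shares without being hybrid joined. `Hybrid Azure AD joined` is what the hybrid Autopilot route in the last link produces. If `HasPrt` is false, the sign-in prompts the original poster sees are expected regardless of join type, and the user's Azure AD sign-in on the device is the first thing to check.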
