Forum Discussion
jennylim
Nov 08, 2019, Copper Contributor
How does computer objects synchronize to Azure AD for Windows Hello for Business?
Hi, I am implementing Windows Hello for Business in my environment using Hybrid-AD joined with certificate trust. In this flow diagram https://docs.microsoft.com/en-us/windows/security/identity...
jennylim
Nov 09, 2019, Copper Contributor
Thanks, Eli Shlomo. I am using ADFS and am in a federated scenario. I found some device sync rules in Azure AD Connect that sync out from AD to Azure AD. Thus, I am confused as to whether it is based on those rules to sync out or based on Azure DRS to write the objects.
Eli Shlomo
Nov 09, 2019, MVP
The sync rules are part of the filtering options and are created by default, and it's recommended not to change these rules.
For your question, it's based on Azure DRS and ADFS. To make a long story short, some explanation: the registration with Azure AD is the same as with ADFS, but the client reports to on-premises instead of to the DRS in Azure AD. When a device receives an answer from the DRS in ADFS, the device gets a user certificate, and the computer object of that specific device is updated with the ID of this user certificate. After that, the computer object is synced to Azure AD.
More information
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual
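The following PowerShell check is an added example and is not part of either post in the thread. It verifies, from an administrator's workstation, the two halves of the flow described above: the device ID the client reports via `dsregcmd /status`, and the certificate the client wrote to the `userCertificate` attribute of its own computer object, which is the attribute Azure AD Connect's default device sync rules pick up. It assumes the RSAT ActiveDirectory module is installed and that the caller can read the computer object; the `$ComputerName` parameter and the optional Azure AD lookup at the end (which assumes the AzureAD module and an existing `Connect-AzureAD` session) are placeholders to adapt.

```powershell
# Added example, not from the thread. Checks that a hybrid-joined device's
# self-signed device certificate is present on its on-premises computer object
# and that its subject matches the device ID the client itself reports.
param(
    [string]$ComputerName = $env:COMPUTERNAME   # placeholder: run on or point at the device
)

Import-Module ActiveDirectory -ErrorAction Stop

# 1. Device ID as the client sees it (dsregcmd prints "DeviceId : <guid>").
$status   = & dsregcmd.exe /status
$match    = $status | Select-String -Pattern '^\s*DeviceId\s*:\s*([0-9a-fA-F-]{36})' | Select-Object -First 1
$deviceId = if ($match) { $match.Matches[0].Groups[1].Value } else { $null }
if (-not $deviceId) {
    Write-Warning "dsregcmd reports no DeviceId; the device has not completed registration."
}

# 2. The certificate the device wrote to its computer object during registration.
#    Azure AD Connect only exports computer objects that carry this attribute.
$comp = Get-ADComputer -Identity $ComputerName -Properties userCertificate
if (-not $comp.userCertificate) {
    Write-Warning "$ComputerName has no userCertificate value; nothing for Azure AD Connect to sync yet."
    return
}

$found = $false
foreach ($raw in $comp.userCertificate) {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
    # The device certificate subject is CN=<device id>; other certs on the object are ignored.
    $cn = ($cert.Subject -replace '^CN=', '').Trim()
    if ($deviceId -and $cn -ieq $deviceId) {
        $found = $true
        "Device certificate present. Subject={0} NotAfter={1:u} Thumbprint={2}" -f $cert.Subject, $cert.NotAfter, $cert.Thumbprint
    }
}
if (-not $found) {
    Write-Warning "No userCertificate on $ComputerName matches DeviceId $deviceId; check the Automatic-Device-Join task and ADFS DRS."
}

# 3. Optional: confirm the object has arrived in Azure AD (assumes Connect-AzureAD was run).
if ($found -and (Get-Command Get-AzureADDevice -ErrorAction SilentlyContinue)) {
    $cloud = Get-AzureADDevice -Filter "deviceId eq '$deviceId'"
    if ($cloud) { "Azure AD device object found: {0} (TrustType={1})" -f $cloud.DisplayName, $cloud.DeviceTrustType }
    else        { Write-Warning "Device $deviceId not yet in Azure AD; wait for the next Azure AD Connect sync cycle." }
}
```

Run it on the device (or pass another computer's name) after the scheduled Automatic-Device-Join task has run. A computer object with no `userCertificate` value is the usual reason a device never appears in Azure AD: the default "In from AD - Computer Join" rule requires that attribute, so there is nothing to adjust in the sync rules themselves.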