Dec 13 2020 12:07 PM
Dec 13 2020 12:07 PM
Could somebody clarify whether Hybrid Azure AD Join is supported when using Alternate Login ID? In this scenario I'm using the Mail attribute to sync/represent the UPN in Azure AD.
The following article says that the AD on premises UPN needs to be internet routable (and verified in Azure AD) to be supported with HAADJ. However, it makes no reference to using Alternate Login ID in this article - https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan#review-on-p...
I have ran some initial tests in a lab/test scenario which showed HAADJ registration and access to modern apps functioning in the sign-in logs; however functioning does not mean supported. The scenario of my lab/test:
I'm really looking for some clarification on support for this, can anybody assist?
As a side note, using UPN as the Login ID in Azure AD is my preference, but multiple LOB apps means significant delays and/or other changes required.
Dec 14 2020 03:58 AM
Dec 14 2020 06:33 AM
As I understand there are 3 types of Alternate Login ID....
I'm looking at option 2.
Dec 14 2020 07:24 AM
Dec 14 2020 09:01 AM
Dec 14 2020 09:06 AM
I managed to get clarification for from Microsoft via the Technical Advisor on GitHub.
The reason I thought this would be supported by Microsoft is that in my lab, a user with a UPN of firstname.lastname@example.org achieved Hybrid Azure AD Join status when accessing M365 via Modern Apps or Browser access. This is when the UPN suffix is not verified in the tenant.
On closer investigation I found this worked because my AD forest domain was a forest suffix of ad.contoso.com which is a sub domain of contoso.com. When I ran a home realm discovery using the sun domain, it returns the details of the correct realm.
So in conclusion, if your users on premises UPN suffix is a sub domain of a verified domain in your tenant, (but not verified in Azure AD) I found HAADJ will work. If you have a .local UPN suffix, you will need to amend the users UPN to work with HAADJ.
Dec 14 2020 09:21 AM