AAD Join & Onpremise resources SSO

prasad goud
Occasional Contributor


I want to join the Windows 10 devices to AAD using AAD Join, by this, I get SSO for resources in the cloud. But do I get SSO for on-premise resources for e.g Fileshares and Print etc?

I have gone through the below articles, I really did not understand how I get TGT & TGS from on-premise Dcs without the computer account in the on-premise active directory.
I do not want to use Domain Join + Device registration as I would like to manage client devices in Azure AD using intune(so only AADJoin so that i can manage devices using intune)

Articles i refered

3 Replies
No, in order to get SSO for both you have to setup and use what is called Hybrid Join. Here is an article explaining that:
Thank you.



At last i found that it is possible to get both PRT from AAD & TGT from onprem AD for a user logged on to AAD Join machine(no hybrid, just AAD Join).

We should have a windows 2016 AD DCs to achieve this.

I could get PRT & TGT once I installed 2016 DC.


Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
50 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
32 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
15 Replies
Dev channel update to 80.0.355.1 is live
josh_bodner in Discussions on
67 Replies