SOLVED

How to use AD Log On To restriction but allow Azure AD Pass-Through Authentication


As the title says, I am attempting to utilize the "Log On To..." setting in on-premises AD but still allow users to log onto Azure AD authenticated resources such as Office 365.

 

The test accounts can log into only the specified workstation when the setting is enabled, which is the expected outcome, but when this is enabled and the user attempts to log into anything that authenticates via Azure AD, the authentication fails with "Pass-through Authentication" Succeeded: "False".

This totally makes sense, but I am required to lock down user account(s) to specific computers and still allow Azure AD Authentication for these same users.

 

Is this even possible without going through group policy, which gets messy when you only want certain user accounts on certain machines?


1 Reply
best response confirmed by BCSecA (Copper Contributor)
Solution
Hi. Yes, you should be able to if you put the server names where the Pass through agents are installed. Hope that helps
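
Added example, not part of the original thread: one way to apply the accepted answer with the ActiveDirectory PowerShell module, appending the Pass-through Authentication agent servers to each restricted account's existing "Log On To" list. The server and account names are constructed placeholders, and `Merge-LogonWorkstations` is a hypothetical helper written for this example.

```powershell
# Added example. Host and account names below are constructed placeholders.
Import-Module ActiveDirectory

$PtaAgentServers = @('PTA-AGENT01', 'PTA-AGENT02')  # assumed: servers running the PTA agent
$RestrictedUsers = @('testuser1', 'testuser2')      # assumed: sAMAccountNames to update

function Merge-LogonWorkstations {
    # Returns the comma-separated list with $Add appended, without duplicates.
    param([string]$Current, [string[]]$Add)
    $merged = [System.Collections.Generic.List[string]]::new()
    $names = @($Current -split ',') + $Add
    foreach ($name in $names) {
        $n = $name.Trim()
        # -notcontains compares case-insensitively, which matches host names.
        if ($n -and ($merged -notcontains $n)) { $merged.Add($n) }
    }
    return ($merged -join ',')
}

foreach ($sam in $RestrictedUsers) {
    $user = Get-ADUser -Identity $sam -Properties LogonWorkstations

    # An empty list means "all computers". Writing only the agent servers here
    # would newly restrict the account to those servers, so skip it.
    if ([string]::IsNullOrWhiteSpace($user.LogonWorkstations)) {
        Write-Warning "$sam has no Log On To restriction; skipped."
        continue
    }

    $new = Merge-LogonWorkstations -Current $user.LogonWorkstations -Add $PtaAgentServers
    if ($new -eq $user.LogonWorkstations) {
        Write-Output "$sam already lists the agent servers."
        continue
    }

    # -WhatIf prints the change without applying it; remove it after review.
    Set-ADUser -Identity $user -LogonWorkstations $new -WhatIf
    Write-Output "$sam : '$($user.LogonWorkstations)' -> '$new'"
}
```

Every server that runs a Pass-through Authentication agent needs to be in the list, since any of them may validate a given sign-in.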