Jan 02 2019 08:14 AM
I am currently auto-registering my workstations with Azure AD via GPO, so the workstations display in AAD as Hybrid joined.
I then have a policy applied to Exchange Online so that only computers that are Hybrid joined have mailbox access. This is to stop non-Firm computers from accessing Firm email.
The issue I am having is that every so often a user will get a message that they are blocked because the computer is not Hybrid joined. When I check the user's workstation, I run dsregcmd.exe /status and the computer displays as Azure AD joined. I check the Azure portal and the computer is listed as AAD Hybrid joined.
MS is telling me that the workstations now also need this option enabled in the GPO:
"Enable automatic MDM enrollment using default Azure AD credentials."
That will now display the workstations as mobile devices, and they will show up as either compliant or not. However, the Conditional Access policy is looking for the device to be Hybrid joined.
So is this a new requirement, or are they just having me jump through hoops for the heck of it?
Also wanted to add that I don't see this option in the current GPO used to register my workstations.
I am running a domain functional level of 2012 R2. They are telling me it's only available in Server 2016.
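An added example, not part of the original post: a PowerShell script that parses the output of dsregcmd /status and reports the fields that a "require Hybrid Azure AD joined device" Conditional Access check effectively depends on. On Windows 10 the device identity is presented to Azure AD through the user's Primary Refresh Token (PRT), so a workstation that shows AzureAdJoined : YES and DomainJoined : YES but AzureAdPrt : NO for the signed-in user will still be treated by the policy as not hybrid joined. The script assumes it is run in the signed-in user's own (non-elevated) session, because the SSO State section is reported per user; the sample output embedded at the bottom is constructed for an offline run and is not captured from a real machine. The function names are my own, not a Microsoft API.

```powershell
# Added example (not from the original post). Parses `dsregcmd /status` and checks
# the Device State and SSO State fields that matter for a hybrid-join CA check.
# Assumption: run as the logged-on user, not in an elevated session of another
# account, since AzureAdPrt is reported for the calling user's session.

function ConvertFrom-DsregStatus {
    param(
        # Lines of dsregcmd output; defaults to running the tool on this machine.
        [string[]]$StatusText = (& "$env:SystemRoot\System32\dsregcmd.exe" /status)
    )
    $state = @{}
    foreach ($line in $StatusText) {
        # Lines look like "   AzureAdJoined : YES"; the key is everything before the
        # first colon, the value everything after it (values may contain colons).
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*?)\s*$') {
            $state[$matches[1].Trim()] = $matches[2]
        }
    }
    return $state
}

function Test-HybridJoinState {
    param([Parameter(Mandatory)][hashtable]$State)

    # Expected values for a working hybrid-joined Windows 10 device.
    $expected = [ordered]@{
        AzureAdJoined = 'YES'   # device object registered in Azure AD
        DomainJoined  = 'YES'   # also joined to on-prem AD = Hybrid Azure AD joined
        AzureAdPrt    = 'YES'   # signed-in user holds a PRT that carries the device claim
    }

    $failures = @()
    foreach ($key in $expected.Keys) {
        $actual = if ($State.ContainsKey($key)) { $State[$key] } else { '<missing>' }
        if ($actual -eq $expected[$key]) {
            $status = 'OK  '
        } else {
            $status = 'FAIL'
            $failures += $key
        }
        Write-Host ('{0} {1,-14} = {2}' -f $status, $key, $actual)
    }

    # Context worth pasting into a support case.
    foreach ($key in 'DeviceId', 'TenantName', 'AzureAdPrtExpiryTime') {
        if ($State.ContainsKey($key)) { Write-Host ('     {0,-20} = {1}' -f $key, $State[$key]) }
    }

    if ($failures.Count -eq 0) {
        Write-Host 'Device state looks right for a hybrid-join Conditional Access check.'
    } elseif ($failures.Count -eq 1 -and $failures -contains 'AzureAdPrt') {
        Write-Host 'Joined, but this user has no PRT on this device: the device claim cannot be sent,'
        Write-Host 'so the policy sees the sign-in as coming from an unjoined device. Lock/unlock or'
        Write-Host 'sign out and back in (this is when the PRT is obtained), then re-run.'
    } else {
        Write-Host 'Device is not (fully) hybrid joined; check Device State and the registration GPO.'
    }
    return ($failures.Count -eq 0)
}

# Constructed sample output for an offline run (not captured from a real machine).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
                  DeviceId : 00000000-0000-0000-0000-000000000000

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : NO
'@ -split "`r?`n"

Test-HybridJoinState -State (ConvertFrom-DsregStatus -StatusText $sample)

# Live check on this workstation, run as the affected user:
# Test-HybridJoinState -State (ConvertFrom-DsregStatus)
```

Two caveats when reading the result. First, the "Require Hybrid Azure AD joined device" and "Require device to be marked as compliant" grant controls are separate: the MDM auto-enrollment GPO feeds the compliance check through Intune and does not change whether the device is hybrid joined. Second, the Azure portal showing the device as Hybrid Azure AD joined only proves the device object exists; whether a given sign-in is recognised as coming from that device depends on the PRT the user obtained at logon, which is why the per-user AzureAdPrt line is the one to look at when only some sign-ins are blocked.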