cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Do I need to do a domain join to avoid multiple logins?

notesguru99
Brass Contributor

‎Aug 20 2021 07:03 AM

‎Aug 20 2021 07:03 AM

Do I need to do a domain join to avoid multiple logins?

Hi,

We are just starting with InTune and using AutoPilot, however I see by default these new computers do not appear in the local, on prem Active Directory, so this means when staff rock up at the office, they login to their laptop but they are not on the domain so if they try and access a network share or a network app they are prompted to sign in, constantly in some casese!

So, my question is this, we have a lot of legacy apps, we can't move fully to Azure just yet, we need staff working in the office on certain software, so do we make these new AutoPilot computers hybrid domain joined devices to get around this network prompt?  Also, when we do this will it rename the computer account? I see it assigns a random 15 character code as the machine name, but it isn't clear if it actually renames the computer itself or just makes this a reference in AD?   Any help much apprecited.

TIA

Stuart

1,987 Views
0 Likes
3 Replies
Reply
3 Replies
Nathan Blasac

‎Aug 20 2021 10:49 AM

‎Aug 20 2021 10:49 AM

Re: Do I need to do a domain join to avoid multiple logins?

There are ways to get SSO to on prem resources on an AzureAD Joined device. See this link:

https://docs.microsoft.com/en-us/azure/active-directory/devices/azuread-join-sso

However, if you want to go Hybrid then yes you'll need to setup Device Registration in Azure AD Connect in your on premises Forest, and Hybrid Autopillot with the Intune Connector for Active Directory.

https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid

0 Likes
Reply
Rudy_Ooms_MVP

‎Aug 22 2021 10:42 AM

‎Aug 22 2021 10:42 AM

Re: Do I need to do a domain join to avoid multiple logins?

Hi,

I would skip HAADJ :) ... If it's possible to skip it, I would. It depends on multiple factors...If the legacy apps just files sitting on a share... no problem that will work

you will need to make sure you have azure ad connect installed as this is necessary for the SSO from your AADJ devices to your onpremise servers

I have done a huge blog on this topic...If you have any questions about it, please send me an email!

https://call4cloud.nl/2021/03/deliver-us-from-hybrid/
0 Likes
Reply
karthikajoy

‎Aug 23 2021 03:29 AM - edited ‎Aug 23 2021 03:30 AM

‎Aug 23 2021 03:29 AM - edited ‎Aug 23 2021 03:30 AM

Re: Do I need to do a domain join to avoid multiple logins?

Hi @notesguru99 , Good Afternoon,

1) I would like you to go through the below links for hybrid identity. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity 

Pass through Authentication Scenarios will Help you to Sync user account to AAD and AAD Connect responsible for authentication.

2) You can set an hostname policy in Auto pilot so this will avoid the random names for the device. This will helpful for you. 

 

Ex: 

•Device naming pattern

•%SERIAL%

•%RAND:x% (where X is the number of digits)

Preview file
135 KB
0 Likes
Reply