SOLVED

Hybrid Azure AD join without VPN

Copper Contributor

Have configured Hybrid Azure AD join successful , dsregstus AD Join yes AAD join Yes. User changed the password(New Password) from corp network and went to home.User is on cached credentials(old Password) didnt connect VPN. User able to connect with  cached credentials(old password) not changed password(New password) . Does the user needs to connect VPN in order to use changed password(New Password). We don’t want to allow users to use VPN. How the user can use changed password(New password)

2 Replies
Hi,Good morning

Looking at ms their faq

"So, user needs to establish connection with the domain controller (either via VPN or being in the corporate network) before they're able to sign in to the device with their new password."


https://docs.microsoft.com/en-us/azure/active-directory/devices/faq#q-do-windows-10-hybrid-azure-ad-...

best response confirmed by JE (Copper Contributor)
Solution
Hi @JE,

I agree with Rudy you always need VPN with Hybrid Join.

I used to be in the same boat but I used password write back from AD Connect to Active Directory, this way helped a lot as the users will be able to change their password from the cloud and write back to Domain Controller which always make them in sync with Active Directory. The user still needs vpn or on prem to refresh the cached password in his/her pc but at least you always have synced passwords.

Hope this helps!
Moe

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writebac...

1 best response

Accepted Solutions
best response confirmed by JE (Copper Contributor)
Solution
Hi @JE,

I agree with Rudy you always need VPN with Hybrid Join.

I used to be in the same boat but I used password write back from AD Connect to Active Directory, this way helped a lot as the users will be able to change their password from the cloud and write back to Domain Controller which always make them in sync with Active Directory. The user still needs vpn or on prem to refresh the cached password in his/her pc but at least you always have synced passwords.

Hope this helps!
Moe

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writebac...

View solution in original post