Forum Discussion
JE (Copper Contributor)
Jan 09, 2022
Hybrid Azure AD join without VPN
I have configured Hybrid Azure AD join successfully; dsregcmd /status shows AD join: Yes, AAD join: Yes. A user changed their password (new password) on the corp network and went home. The user is on cached credentials (old password) and didn't connect to the VPN. The user is able to sign in with the cached credentials (old password), not the changed password (new password). Does the user need to connect to the VPN in order to use the changed password (new password)? We don't want to allow users to use VPN. How can the user use the changed password (new password)?
- Moe_Kinani, Bronze Contributor: Hi JE,
I agree with Rudy, you always need VPN with Hybrid Join.
I used to be in the same boat, but I used password writeback from AD Connect to Active Directory. This helped a lot, as the users will be able to change their password from the cloud and write it back to the Domain Controller, which always keeps them in sync with Active Directory. The user still needs VPN or to be on-prem to refresh the cached password on his/her PC, but at least you always have synced passwords.
Hope this helps!
Moe
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback
- Hi, good morning.
Looking at the MS FAQ:
"So, user needs to establish connection with the domain controller (either via VPN or being in the corporate network) before they're able to sign in to the device with their new password."
https://docs.microsoft.com/en-us/azure/active-directory/devices/faq#q-do-windows-10-hybrid-azure-ad-joined-devices-require-line-of-sight-to-the-domain-controller-to-get-access-to-cloud-resources
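
An added example, not part of any post in this thread: a PowerShell check to run on the client that parses `dsregcmd /status` and tests whether a domain controller is reachable, the condition both replies say must hold before the new password works at device sign-in. The function names and the CONTOSO sample output are constructed for illustration.

```powershell
# Added example: is this client hybrid joined, and can it reach a DC right now?
function Get-DsregState {
    param([string[]]$Lines)
    # dsregcmd /status prints "Name : Value" pairs; collect them in a hashtable.
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    return $state
}

function Test-DcLineOfSight {
    param([string]$DomainName)
    # nltest asks the DC locator for a domain controller; /force skips its cache.
    & nltest.exe "/dsgetdc:$DomainName" /force *> $null
    return ($LASTEXITCODE -eq 0)
}

# Constructed sample output, used only where dsregcmd.exe is not available.
$sample = @(
    '             AzureAdJoined : YES',
    '              DomainJoined : YES',
    '                DomainName : CONTOSO'
)
$haveDsreg = [bool](Get-Command dsregcmd.exe -ErrorAction SilentlyContinue)
$lines = if ($haveDsreg) { & dsregcmd.exe /status } else { $sample }
$s = Get-DsregState -Lines $lines

$hybrid = ($s['AzureAdJoined'] -eq 'YES') -and ($s['DomainJoined'] -eq 'YES')
$dcReachable = $null   # stays $null when the check cannot be run
if ($s['DomainJoined'] -eq 'YES' -and (Get-Command nltest.exe -ErrorAction SilentlyContinue)) {
    $dcReachable = Test-DcLineOfSight -DomainName $s['DomainName']
}

# Per the FAQ quoted in the thread, a new password works at device sign-in
# only after the device has had a connection to a domain controller.
if ($null -eq $dcReachable) { $advice = 'DC check not run on this machine' }
elseif ($dcReachable) { $advice = 'DC reachable: sign in with the new password to refresh the cached credential' }
else { $advice = 'No DC line of sight: connect via VPN or the corporate network first' }

[pscustomobject]@{
    HybridJoined = $hybrid
    DomainName   = $s['DomainName']
    DcReachable  = $dcReachable
    Advice       = $advice
}
```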