
OneDrive WVD and AAD


When first logging on to OneDrive with a new user in WVD, one of the final questions of the process is if you want to let your company administer this device or not. There's also an option that says "This app only". What are the effects of letting the company administer this device, and what would be the best option for WVD "servers"? In Azure AD the VMs are listed multiple times with different user names as "Azure AD Registered". The WVD VMs are hybrid domain-joined.

Anyone that can shed some light on this topic for me? Thanks in advance :)

3 Replies

@Mtollex70

Hi, we had this issue until we also configured SSO for authentication alongside hybrid AD devices. You will stop seeing these device registrations if the device is appearing as a hybrid joined device and the machine has the URL https://autologon.microsoftazuread-sso.com located in the Intranet zone of the PC for Seamless authentication to work correctly.

Having the above 2 configured should mean that this issue doesn't appear again for any of your users.

Cheers

Will


@WillSomerville Ok, I will try. But you mentioned only one step, to have the address in the intranet zone on the VM, but what is the other? Maybe I misunderstood something.

Solution

@Mtollex70 Apologies, so you will need to ensure that your user sign-in is configured as per my previous post.

[Image: WillSomerville_0-1582282911552.png]

which is the only step left for you to configure, as you have already configured your AD to sync devices to Azure AD.

As long as your hybrid devices are appearing like so below, then once you do the above work you shouldn't have an issue.

[Image: WillSomerville_1-1582282722213.png]

So to clarify, you should have the following.

SSO configured for users accessing 365 resources such as OneDrive etc.

Device sync to Azure AD to establish that trust between device and services automatically instead of prompting users to register the device when they first go to sign in.

 

Cheers

Will
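
A way to verify both conditions from the accepted answer on a session host, as an added example that is not part of the original posts. It assumes the `dsregcmd /status` field names `AzureAdJoined`, `DomainJoined` and `WorkplaceJoined`, and that the Intranet zone mapping was deployed either through the "Site to Zone Assignment List" policy or as a per-user ZoneMap registry preference; the variable names are illustrative.

```powershell
# Added example: run inside a user session on a WVD session host.
# Checks the two conditions from the accepted answer:
#   1. the device reports as hybrid Azure AD joined, and
#   2. the Seamless SSO URL is mapped to the Intranet zone (zone 1).

$ssoUrl = 'https://autologon.microsoftazuread-sso.com'

# 1. Parse "Key : Value" lines from dsregcmd into a lookup table.
$state = @{}
dsregcmd.exe /status | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
}
# Hybrid joined = domain joined and Azure AD joined at the same time.
$hybridJoined = ($state['AzureAdJoined'] -eq 'YES') -and ($state['DomainJoined'] -eq 'YES')
# WorkplaceJoined = YES means this user also added an "Azure AD registered" entry.
$registered = $state['WorkplaceJoined'] -eq 'YES'

# 2. Zone mapping. Policy form: value name = URL, data = zone number.
$policyKeys = @(
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
)
# Preference form: ZoneMap\Domains\<domain>\<host>, value "https" = zone number.
$prefKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftazuread-sso.com\autologon'

$zone = $null
foreach ($key in $policyKeys) {
    $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).$ssoUrl
    if ($null -ne $value) { $zone = [int]$value; break }
}
if ($null -eq $zone) {
    $value = (Get-ItemProperty -Path $prefKey -ErrorAction SilentlyContinue).https
    if ($null -ne $value) { $zone = [int]$value }
}

# Summary: the registration prompt is expected to stop once
# HybridAzureAdJoined and SsoUrlInIntranet are both True.
[pscustomobject]@{
    HybridAzureAdJoined = $hybridJoined
    AzureAdRegistered   = $registered
    SsoUrlZone          = $zone
    SsoUrlInIntranet    = ($zone -eq 1)
}
```

If `AzureAdRegistered` is True on a hybrid joined VM, that user already accepted the device prompt once and the extra "Azure AD Registered" entry for that user will still be listed in Azure AD.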