AAD
5 Topics

BitLocker recovery key not being uploaded into Intune when using BackupToAAD-BitLockerKeyProtector
Hello, We are having an issue with the BackupToAAD-BitLockerKeyProtector PowerShell cmdlet to upload the BitLocker recovery key of our devices into AAD/Intune. We currently use Sophos Device Encryption to encrypt our devices but want to migrate the recovery keys into Intune as we transition to Intune BitLocker policies. We created a script that attempts to upload the BitLocker recovery key into Intune but it appears the BackupToAAD-BitLockerKeyProtector cmdlet only works on devices where the user logs in with a domain account, and not a local Windows account. Is this standard behaviour? I would have assumed that since the device is enrolled into Intune it would use the Management Extension to communicate with Intune for this task - and have no reliance on the logged in user. Looking at the BitLocker PowerShell module itself, a method named "BackupRecoveryInformationToCloudDomain" is called when this cmdlet is executed. I haven't been able to find much online about what happens beyond here. It would be good to know a bit more about this cmdlet as documentation is limited online. Cheers
Solved, 38K Views, 0 likes, 7 Comments

Hybrid Azure AD join without VPN
Have configured Hybrid Azure AD join successfully, dsregstus AD Join yes AAD join Yes. User changed the password (New Password) from corp network and went home. User is on cached credentials (old Password), didn't connect VPN. User is able to connect with cached credentials (old password), not the changed password (New password). Does the user need to connect VPN in order to use the changed password (New Password)? We don't want to allow users to use VPN. How can the user use the changed password (New password)?
Solved, 9.1K Views, 0 likes, 2 Comments

Devices still shows up in AAD after deleting/retiring from Intune
Hi, I have noticed that after deleting/retiring devices (Mobile or Laptop) from Intune, they still show up in Azure Active Directory associated with the user. Is this a known thing? I was expecting the devices to get deleted from AAD once the devices are deleted from Intune. Has anyone encountered this issue, or does anyone know what the best practice to follow is? Thanks, Yash
13K Views, 0 likes, 1 Comment

Disable Windows Hello for Business
I am an admin, and attempting to disable "Windows Hello for Business", also referred to as 2-step authentication. From what I gather, this option is set as "disabled" by default. I confirmed this. However, whenever I join a device to Azure AD, it is always prompted with "Windows Hello" and to create a PIN. Where can I find the option that allows me to disable this?
44K Views, 0 likes, 7 Comments