AD Azure
HAADJ with Intune Co-Management

Hello,

- I have a HAADJ tenant with Intune Co-Management.
- AD Connect syncs devices only and not users to Entra (as users are third-party provisioned and federated).
- Devices appear in Azure, then are added to a group for Intune policy enrollment. Enrollment is done via GPO.
- They get enrolled in Intune using co-management with SCCM, auto MDM enrollment with device credentials, and appear in Intune as co-managed.
- BitLocker is applied via Intune on the devices to encrypt fixed data drives and operating system drives. GPO is applied to avoid backing up the recovery key in AD, as explained here: https://www.burgerhout.org/the-bitlocker-haadj-nightmare/

Question(s):

1. For testing, we encrypt and remove Symantec drive encryption. A restart is done during removal, then the recovery key screen appears and the key is requested to access the device. On the second restart after uninstall, the key is not requested.
2. After testing, the recovery key is stored in Intune but not stored in the following location: https://myaccount.microsoft.com/ -> Devices -> Manage Devices -> Select devices -> View BitLocker Keys (it appears only in the test environment, where enrollment is done via user credentials as opposed to device credentials).
3. Devices in Azure under the following URL (Devices - Microsoft Entra admin center) show an owner when the device is first moved with AD sync; however, later on the owner is removed and the behavior is very random. In Intune, however, devices show a primary user logged in as long as someone is logged in to Office, which is fine and acceptable. So what could be the reason for the issue in Azure/Entra?

Map Home-Directory attribute UNC path for locally connected azure-ad joined shared devices.

We have an on-premises Active Directory (AD) environment connected to Azure AD via AD Connect. We've successfully joined our devices to Azure AD using Azure AD Join (MEJ) through Autopilot. We are also using Pass-through Authentication (PTA) for authentication, and we have 3 PTA agents (including AAD Connect) on-premises.

Now, we want to grant users access to an on-premises file share (file server) while they are physically connected to the local network at the office. Each user has an individual home drive (H:) defined in their on-premises "Home-Directory attribute" (HomeDirectory), and we want to make this H: drive accessible for any user who signs in to a locally connected shared AADJ device at the office (we don't want these H: drives to be available for remote users).

Our shared AADJ devices currently have access to on-premises file shares when they're locally connected at the office, but they don't have access to the user's home drive now.

In summary, we want to map the Home-Directory attribute UNC path for locally connected Azure AD joined shared devices for any individual user who signs in to these devices.