Former Employer Abuse
My former employer, Albert Williams, president of American Security Force Inc., keeps adding my outlook accounts, computers and mobile devices to the company's azure cloud even though I left the company more than a year ago. What can I do to remove myself from his grip? Does Microsoft have a solution against abusive employers?
Windows AD, Azure AD
Hello everyone I connected with Windows AD and Azure AD. When I create a Windows Account in Windows AD, it is also created in Azure AD. However, when you join a domain with Azure AD on your PC, you can register a device only with Azure AD, and you can't register a device with Windows AD. The User Account is sync, but I think the device is not syncing. I've tried various settings through search, like GPO, device options... but they're still not working. How can I sync my device? I'd like to ask for your help.
Initial Setup - Partial Management?
Hi Everyone, The background: Org A (300 users) has acquired Org B (20 users) Org A is a hybrid cloud/on-prem. Org B is on-prem. The goal: Org B migrates into Org A as 100% cloud-native endpoints, thus serving as our proof-of-concept to migrate all users/computers cloud-native endpoints going forward. The question: I want to use the LEAD guide to deploy Intune, but I don't want to get "railroaded" into deploying it for anyone outside of the Org B group. The only accounts with Intune-included licenses are my own and Org B users.Is a limited deployment like this advised? Any other tips for having a cloud-only subset of endpoints work harmoniously with the hybrid environment? Thank you! -GAzure Local Administrator Assignment
Hi All, Quick question, which I may already have answered, but hoping there is an alternative. We are implementing Azure AD Joined Device Administrator. We already have a substantial amount of groups with assigned roles that we use for PIMs and would like to use these to assign them as local admins. After some testing the AD Synced accounts 9nested in these groups) do not get assigned. the only accounts that get assigned are cloud based accounts. Is there a way to assign the AD accounts as well as the successfully assigned AAD admin accounts? I'm hoping there is.
Hybrid AD joined windows 10 computers
Hi I've already completed the the Targeted Deployment steps, setup the GPO to enable Hybrid AD joined on a group of computers. I would like to configure Hybrid AD joined-SCP config with Azure AD connect. Should I be concerned about anything? Would there be any unexpected pop-ups on windows 10 devices. My environment is 10K windows 10 machines, on-premise AD syncing to Azure.Digital event: Modernize and Migrate with Hybrid Flexibility
Boost your skills with guidance from Azure customers and experts Grow your skills and get insights from real Azure customers to navigate your cloud journey with confidence at this free digital event. Discover best practices and resources to accelerate every stage of your modernization and migration with Azure. Register now to: Learn best practices in technical sessions on modernizing and migrating specific workloads—including .NET, Java and web apps, relational data, and servers. Get insights from real-life modernization examples with enterprise customers who successfully modernized and migrated with Azure. Learn to manage and govern assets consistently across hybrid environments. Register now > Get a chance to win Surface headphones, Surface earbuds, or a Bose SoundLink micro speaker by registering now for this free digital event. 15 winners will be selected following the event. Boost your chances by earning entry points through activities like knowledge checks and an event survey. No purchase necessary. Open only to registered event attendees 18+. Game ends April 13, 2022. For official rules, see https://aka.ms/AzureModernizationDigitalEventSweepstakes. Modernize and Migrate with Hybrid Cloud Flexibility Wednesday, April 13, 2022 9:00 AM to 11:00 AM Pacific Time
What actually happens after running the "disable directory synchronization" powershell script?
We do not have a test environment so cannot test this. What actually happens after running this script? https://docs.microsoft.com/en-us/microsoft-365/enterprise/turn-off-directory-synchronization?view=o365-worldwide Does it simply toggle the Azure user Directory Synced Yes to No? Are existing passwords retained, memberships etc? I wish this could be run by user so I can see exactly what it's doing first but applying this to all 150 users at once causes some pause for sure. The majority of our devices are still "authenticated" to our local AD, however, since they have not been in the office and we do not use VPN, they are all disconnected anyway. Our plan is to authenticate to Azure, but we need their account to first be cloud-only. I have tried moving an account to a non-sync'd OU, which does break the connection, however, the user shows up in Deleted users and we have to restore them. That's all fine, however, Microsoft Teams does not work anymore and has issues connecting. Add to that ALL the user's private channel memberships are wiped and not restored so it's a massive headache doing it this way. Any ideas on how we can do this by user?
AADDS - Forest type Resource sync native AzureAD users and excludes previously syncronized users
Scenario: 2015: Company had an on-premises AD. Wanted to start using Office365 licenses. Enabled dirsync/aad connect to synchronize users to AzureAD and use SSO functionality 2017: The company decided to migrate all their on-premises stuff like files, skype to teams and so on. Then dirsync was shut down and all users was considered as“cloud only”. 2020: The company then acquired another company requiring a resource forest AADDS to fulfil migration needs of that specific legacy application portfolio. Only users from the new onpremise AD and newly created "native" AzureAD accounts are able to consume the resources from the AADDS domain. Previously synced users are excluded from AADDS. Why? This is behavior seems to be caused by a hard coded limitation in the AADDS sync engine related to the value for the AzureAD attributeonPremisesSyncEnabled. Sync engine only allows syncronization of users with the value "null", that only native AzureAD users get. Previously synced users gets a value false and are excluded from the sync and denied access to the AADDS resources. This must be a bug? I can't find any reason for differentiating between previously synced users and native AzureAD users in this context. onPremisesSyncEnabled is a read only attribute in AzureAD so company has 2 identified options: 1: Recreate all previously synced users, connect email, teams, onedrive and so on. Reinstall PCs to getonPremisesSyncEnabled set to null 2: Delete existing AADDS domain as a user forest and recreate production environment Anyone having an idea to solve this issue? To me it seems like a bug in the sync engine, meaning they forgot to include the value false as a "valid" value.
