Configure Local Admins on Intune Hybrid joined devices, per device
Hi, I'm looking for a way to manage local administrators on the Windows Endpoint devices. These devices are currently in a hybrid joined configuration. We have a hand full of users that use VPN and a majority the don't, they consume online services. The original plan was to use AD groups one per machine and then where required assign user the user to the group for the target machine. In reality this only works reliable for users who are on site as the VPN causes issue with the user membership not being updated. The vpn is not running until after login. and obviously users who do not use the vpn will never be able to have the group added. I have been looking to see if I can use groups in AAD, but I'm not seeing any clear examples except for managing groups of machines. I have found that it can be done via policy, but I have my doubt about how good it may be to have hundreds of policies for this purpose. Has anyone else had experience solving this or similar, and can make suggestions ? Thanks
MFA for On-prem and Azure Applications
Hello How can we implement MFA on both on-prem environment and Azure. Right now I have MFA configured for our Azure tenant but it only supports Cloud apps. We are using the same O365 accounts for our on-prem applications as well, but MFA is not prompting when are trying to access them. Is there any way we can configure it for on-prem apps as well. Currently, we have his Azure AD Premium P1 license.