Migrating On Prem AD to Azure AD and doing away completely with On Prem AD
One of my customers is presently using Azure AD and they are syncing with their On Prem AD using Azure AD Connect. The authentication being used is PHS. Now, they would like to get rid of their On Prem AD completely and would like to know what are the implications in doing so and how users would be affected during the cutover. Since there is no straightforward migration option of On Prem AD to Azure AD completely, what options do i have here ? Will it help to setup an IaaS VM in Azure and promote it as a domain controller and sync it with On Prem Domain Controller? Or we can make use of Azure AD DS service. Any help on this would be appreciated
AADSTS75011 by which the user authenticated with the service doesn't match requested authentication
We're experiencing problems with a certain application that we've registred in Azure. Sorry, but we're having trouble signing you in. We received a bad request. AADSTS75011 by which the user authenticated with the service doesn't match requested authentication method 'Password Protected transport' Situation: user logs in (Citrix-environment) IE11 is auto-started. Default startpage = our intranet on SharePoint Online (at this moment SSO kicks in and the user will be logged in automatically in office.com / SharePoint Online) User starts new tab in IE11, navigates to the application's login-url (external SaaS application) and poof; the error shows up When user starts Chrome at this moment and navigates to the application's login-url again, he WILL be logged in automatically. The software-developer says it has something to do with our Azure settings or Windows environment, but we have a lot more applications registred the same way where this error never occurs. Does anyone have a clue on how to fix this? It looks like the SaaS application does not accept Windows Integrated authentication?
Azure AD Conditional Access - Require Domain Joined Device
Does the ‘Domain Join’ checkbox in Azure AD Conditional Access require Azure AD Domain join, or does it mean on-premises Domain Join? The attached screen shot says ‘Not Azure AD Domain Join’ but the documentation shown in the screen shot seems to contradict this.
