MFBeatnik-5171 asked:
Getting rid of classic on-Domain Cached Credentials for Azure device login

Hi folks, hope you can help - I've been turning up a blank for my question everywhere I look.


I would like to turn off traditional cached credentials and use AAD login/password to access the laptop when on-domain and off-domain, but I simply cannot find information on whether this is possible or not.

  • I have a normal AD domain joined laptop.

  • Traditionally, I would use cached credentials to be able to log in when "off-domain".

  • We also have ADConnect with Password Hash set up.



So:

  • When attached to the corp network, I would like to log in with normal login (domain\user) or the Azure style UPN (user@domain.com) and access all on-domain resources. I don't mind if we have to move to UPN only.

  • When roaming (off corp network) I would still be able to log in with the same UPN, so I can get access to my local profile on the laptop, and access any resources that are still presented through AAD.


I have a hybrid joined laptop, but it will not let me log in as the user off domain (states that domain could not be contacted, as it's looking for my on-domain AD server it seems).



Is it possible? How can I achieve this?

Thanks



azure-active-directory

1 Answer

JasonWroot-0481 answered:

Unfortunately there is no way around this: a hybrid joined laptop still has to communicate directly (line of sight) with an AD DC to update cached creds.

The only feasible way I've seen (at the time of writing) is for a laptop to be AAD joined only.

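As an added example (not from the question or the answer above), the PowerShell below reports the device join state from `dsregcmd /status` together with the Winlogon `CachedLogonsCount` policy, so an admin can see at a glance whether a device is hybrid joined and whether turning cached logons off would leave it unable to sign in without a DC. It assumes a Windows 10/11 client with `dsregcmd.exe` present and an elevated session; the field names `AzureAdJoined` and `DomainJoined` are the ones dsregcmd prints.

```powershell
# Added example, not code from the original thread. Assumes Windows 10/11,
# dsregcmd.exe on the PATH, and an elevated PowerShell session.

function Get-JoinState {
    # dsregcmd /status prints "Key : Value" lines; keep only the join flags.
    $raw = & dsregcmd.exe /status 2>$null
    $state = @{}
    foreach ($line in $raw) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
            $state[$matches[1]] = $matches[2].ToUpper()
        }
    }
    return $state
}

function Get-CachedLogonsCount {
    # REG_SZ under Winlogon; Windows treats a missing value as the default of 10.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $item = Get-ItemProperty -Path $key -Name CachedLogonsCount -ErrorAction SilentlyContinue
    if ($null -eq $item -or $null -eq $item.CachedLogonsCount) { return 10 }
    return [int]$item.CachedLogonsCount
}

$join   = Get-JoinState
$cache  = Get-CachedLogonsCount
$hybrid = ($join['AzureAdJoined'] -eq 'YES') -and ($join['DomainJoined'] -eq 'YES')

Write-Output ("AzureAdJoined={0} DomainJoined={1} CachedLogonsCount={2}" -f `
    $join['AzureAdJoined'], $join['DomainJoined'], $cache)

if ($hybrid -and $cache -eq 0) {
    # Hybrid join validates domain sign-in against a DC; with no cached logons,
    # a user off the corporate network cannot sign in at all.
    Write-Warning 'Hybrid joined with cached logons disabled: off-network sign-in will fail.'
}
elseif ($hybrid) {
    Write-Output "Hybrid joined: off-network sign-in relies on cached credentials (last $cache logons)."
}
elseif ($join['AzureAdJoined'] -eq 'YES') {
    Write-Output 'Azure AD joined only: sign-in is validated by AAD, no DC line of sight needed.'
}
else {
    Write-Output 'Domain joined only (or workgroup): off-network sign-in depends on cached credentials.'
}
```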