KieigStefan-0620 asked YonathanGrunewald-7874 answered

Azure AD Domain Services and Azure AD hybrid join

I have a cloud-only environment. Now I want to connect all VMs that are connected to my Azure AD Domain Services domain also to Azure AD (hybrid).
I would like to manage my WVD environment (Windows 10 multi-user) in Intune. How can I do this?

Thank you for your support
Stefan

Tags: azure-active-directory, azure-ad-domain-services

sikumars answered

Hello @KieigStefan-0620 ,

Thanks for reaching out.

This is not a supported scenario, because one of the prerequisites for Hybrid Azure AD join is to configure Azure AD Connect, but it's not supported to install Azure AD Connect in Azure AD Domain Services to synchronize objects back to Azure AD.

Azure AD Connect should only be installed and configured for synchronization with on-premises AD DS environments.

Reference: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization#synchronization-from-on-premises-ad-ds-to-azure-ad-and-azure-ad-ds

You could use Azure Active Directory (Azure AD) Join, which joins the device to Azure Active Directory and enables users to sign in to Windows with their Azure AD credentials. If Auto Enrollment is enabled, the device is automatically enrolled in Intune and you can manage it in Intune.

To learn more:
Intune enrollment methods for Windows devices: https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods
Azure AD joined devices: https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join

Hope this helps


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
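A quick way to check which of the states described in this answer a given VM is actually in. This is an added example, not code from the thread or from Microsoft: it parses the output of the built-in `dsregcmd /status` tool and reports whether the VM is joined only to the AAD DS managed domain, Azure AD joined, or both, and whether an MDM (Intune) enrollment URL is present. The field names it looks for (`AzureAdJoined`, `DomainJoined`, `TenantName`, `MdmUrl`) are assumed to match the tool's current output.

```powershell
# Added example (not from the thread or from Microsoft). Summarises the join
# and MDM state of the local device from the output of `dsregcmd /status`.
# Assumption: the tool prints lines of the form "<Field> : <Value>" with the
# field names matched below.
function Get-DeviceJoinState {
    param(
        # Accepts captured lines so the parser can be exercised without the tool;
        # by default it runs dsregcmd on the local machine.
        [string[]]$StatusLines = (& dsregcmd.exe /status)
    )
    $state = [ordered]@{
        AzureAdJoined = 'UNKNOWN'
        DomainJoined  = 'UNKNOWN'
        TenantName    = ''
        MdmUrl        = ''
    }
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|TenantName|MdmUrl)\s*:\s*(.*)$') {
            $state[$Matches[1]] = $Matches[2].Trim()
        }
    }
    [pscustomobject]$state
}

function Get-EnrollmentAssessment {
    param([Parameter(Mandatory)]$State)
    $aad = $State.AzureAdJoined -eq 'YES'
    $dom = $State.DomainJoined  -eq 'YES'
    $mdm = -not [string]::IsNullOrWhiteSpace($State.MdmUrl)

    if ($aad -and $dom) { $join = 'Hybrid Azure AD joined' }
    elseif ($aad)       { $join = 'Azure AD joined' }
    elseif ($dom)       { $join = 'Domain joined only (no Azure AD device identity)' }
    else                { $join = 'Not joined' }

    # Mirrors the reasoning in the answer above: no Azure AD Connect in an
    # AAD DS managed domain, so Azure AD join is the path to Intune enrollment.
    $advice = if (-not $aad) {
        'Hybrid join is not available for an AAD DS managed domain (it needs Azure AD Connect); Azure AD join the device instead.'
    } elseif (-not $mdm) {
        'Azure AD joined but no MDM URL: check that MDM auto-enrollment is configured and the user is in the Intune-enabled group.'
    } else {
        'Azure AD joined with an MDM URL present: the device should enroll in Intune.'
    }

    [pscustomobject]@{ JoinType = $join; MdmUrlPresent = $mdm; Advice = $advice }
}

# Constructed sample output (not a real capture) for a VM that is joined only
# to the managed domain, the situation described in the question.
$sample = @(
    '+----------------------------------------------------------------------+',
    '| Device State                                                         |',
    '+----------------------------------------------------------------------+',
    '             AzureAdJoined : NO',
    '          EnterpriseJoined : NO',
    '              DomainJoined : YES',
    '                DomainName : AADDSCONTOSO'
)
Get-EnrollmentAssessment -State (Get-DeviceJoinState -StatusLines $sample)

# On a real VM, omit -StatusLines to parse the live tool output:
# Get-EnrollmentAssessment -State (Get-DeviceJoinState)
```

Run it in an elevated PowerShell session on the VM in question; a result of "Domain joined only" confirms the VM has no Azure AD device identity yet, which is why it cannot appear in Intune until it is Azure AD joined.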

bjoernhoeferacp answered NikhilGeorge-3387 commented

Hello @sikumars-msft,

Thanks for the hint. I'm currently facing the same issue/question.

To sum it up:

  • Azure AD Connect is not an option in an AADDS setting

  • If Auto Enrollment is enabled the device must be joined by the user during OOBE

My question is now:
According to your link (https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods) there are several methods for enrollment, but in the current setting the enrollment option is this: https://docs.microsoft.com/en-us/azure/active-directory/user-help/user-help-join-device-on-network

When we add the (test) user's account, the device shows up in Azure Active Directory, but we do not see it in the Endpoint Manager admin center.
The settings were done according to this tutorial: https://docs.microsoft.com/en-us/mem/intune/enrollment/quickstart-setup-auto-enrollment and the user is part of the Intune-enabled groups.

Any clues, why the device is not showing up, or did we miss some configuration part?


Kind regards

Björn


NikhilGeorge-3387 commented:

Hello @bjoernhoeferacp, how did you solve this problem you faced?
YonathanGrunewald-7874 answered

We are stuck on the same issue. We can't enroll VMs in Intune, can't configure Hybrid Azure AD join, etc.
It seems like a needed feature, allowing management of Azure AD DS joined devices using Intune or enabling SSSO for VMs, was overlooked.
