Hoping someone can help.
On a newly provisioned AADDS domain it is not possible to log an AzureAD-synced user in to domain-joined VMs using NLA. This is what we know:
Any users that are synced from AzureAD to AzureADDS cannot log in to any VMs using NLA (using their UPN).
Users that are created directly in AADDS can log in using NLA (using their UPN).
The issue affects several Windows clients, all of which are up to date.
Users that are synced from AzureAD to AzureADDS can do all other things, including logging into RDP when NLA is disabled.
It feels like the synced users are not having their passwords stored in a way that is compatible with CredSSP (which I believe NLA relies on).
We have tried deleting and recreating AADDS, but this did not help. I've set up AADDS several times in the past and never had this problem.
I am now at a loss as to how to troubleshoot this further.
Any ideas anyone please?
Thanks in anticipation.
Rob