You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/devices/azuread-join-sso.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -29,11 +29,11 @@ This article explains how this works.
29
29
30
30
## How it works
31
31
32
-
With an Azure AD joined device, your users already have an SSO experience to the cloud apps in your environment. If your environment has an Azure AD and an on-premises AD, you may want to expand the scope of your SSO experience to your on-premises Line Of Business (LOB) apps, file shares, and printers.
32
+
With an Azure AD joined device, your users already have an SSO experience to the cloud apps in your environment. If your environment has Azure AD and on-premises AD DS, you may want to expand the scope of your SSO experience to your on-premises Line Of Business (LOB) apps, file shares, and printers.
33
33
34
-
Azure AD joined devices have no knowledge about your on-premises AD environment because they aren't joined to it. However, you can provide additional information about your on-premises AD to these devices with Azure AD Connect.
34
+
Azure AD joined devices have no knowledge about your on-premises AD DS environment because they aren't joined to it. However, you can provide additional information about your on-premises AD to these devices with Azure AD Connect.
35
35
36
-
If you have a hybrid environment, with both Azure AD and on-premises AD, it's likely that you already have Azure AD Connect or Azure AD Connect cloud sync deployed to synchronize your on-premises identity information to the cloud. As part of the synchronization process, on-premises user and domain information is synchronized to Azure AD. When a user signs in to an Azure AD joined device in a hybrid environment:
36
+
If you have a hybrid environment, with both Azure AD and on-premises AD DS, it's likely that you already have Azure AD Connect or Azure AD Connect cloud sync deployed to synchronize your on-premises identity information to the cloud. As part of the synchronization process, on-premises user and domain information is synchronized to Azure AD. When a user signs in to an Azure AD joined device in a hybrid environment:
37
37
38
38
1. Azure AD sends the details of the user's on-premises domain back to the device, along with the [Primary Refresh Token](concept-primary-refresh-token.md)
39
39
1. The local security authority (LSA) service enables Kerberos and NTLM authentication on the device.
@@ -59,7 +59,7 @@ All apps that are configured for **Windows-Integrated authentication** seamlessl
59
59
With SSO, on an Azure AD joined device you can:
60
60
61
61
- Access a UNC path on an AD member server
62
-
- Access an AD member web server configured for Windows-integrated security
62
+
- Access an AD DS member web server configured for Windows-integrated security
63
63
64
64
If you want to manage your on-premises AD from a Windows device, install the [Remote Server Administration Tools](https://www.microsoft.com/download/details.aspx?id=45520).
65
65
@@ -71,10 +71,10 @@ You can use:
71
71
## What you should know
72
72
73
73
- You may have to adjust your [domain-based filtering](../hybrid/how-to-connect-sync-configure-filtering.md#domain-based-filtering) in Azure AD Connect to ensure that the data about the required domains is synchronized if you have multiple domains.
74
-
- Apps and resources that depend on Active Directory machine authentication don't work because Azure AD joined devices don't have a computer object in AD.
74
+
- Apps and resources that depend on Active Directory machine authentication don't work because Azure AD joined devices don't have a computer object in AD DS.
75
75
- You can't share files with other users on an Azure AD-joined device.
76
76
- Applications running on your Azure AD joined device may authenticate users. They must use the implicit UPN or the NT4 type syntax with the domain FQDN name as the domain part, for example: [email protected] or contoso.corp.com\user.
77
-
- If applications use the NETBIOS or legacy name like contoso\user, the errors the application gets would be either, NT error STATUS_BAD_VALIDATION_CLASS - 0xc00000a7, or Windows error ERROR_BAD_VALIDATION_CLASS - 1348 “The validation information class requested was invalid.” This happens even if you can resolve the legacy domain name.
77
+
- If applications use the NETBIOS or legacy name like contoso\user, the errors the application gets would be either, NT error STATUS_BAD_VALIDATION_CLASS - 0xc00000a7, or Windows error ERROR_BAD_VALIDATION_CLASS - 1348 “The validation information class requested was invalid.” This error happens even if you can resolve the legacy domain name.
Copy file name to clipboardExpand all lines: articles/active-directory/devices/azureadjoin-plan.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ services: active-directory
6
6
ms.service: active-directory
7
7
ms.subservice: devices
8
8
ms.topic: how-to
9
-
ms.date: 02/15/2022
9
+
ms.date: 01/24/2023
10
10
11
11
ms.author: joflore
12
12
author: MicrosoftGuyJFlo
@@ -230,11 +230,11 @@ Choose **Selected** and selects the users you want to add to the local administr
230
230
231
231
232
232
233
-
### Require multi-factor authentication (MFA) to join devices
233
+
### Require multifactor authentication (MFA) to join devices
234
234
235
235
Select **“Yes** if you require users to do MFA while joining devices to Azure AD.
236
236
237
-
237
+
238
238
239
239
**Recommendation:** Use the user action [Register or join devices](../conditional-access/concept-conditional-access-cloud-apps.md#user-actions) in Conditional Access for enforcing MFA for joining devices.
0 commit comments