You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# Tutorial: Configure hybrid Azure Active Directory join for federated domains
21
21
22
-
In a similar way to a user, a device is another core identity you want to protect and also use it to protect your resources at any time and from any location. You can accomplish this goal by bringing and managing device identities in Azure AD using one of the following methods:
22
+
In a similar way to a user, a device is another core identity you want to protect and use it to protect your resources at any time and from any location. You can accomplish this goal by bringing and managing device identities in Azure AD using one of the following methods:
23
23
24
24
- Azure AD join
25
25
- Hybrid Azure AD join
@@ -58,7 +58,7 @@ Beginning with version 1.1.819.0, Azure AD Connect provides you with a wizard to
58
58
- Backs up your existing Azure AD relying party trust
59
59
- Updates the claim rules in your Azure AD trust
60
60
61
-
The configuration steps in this article are based on this wizard. If you have an older version of Azure AD Connect installed, you need upgrade it to 1.1.819 or higher. If installing the latest version of Azure AD Connect is not an option for you, see [how to manually configure hybrid Azure AD join](https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual).
61
+
The configuration steps in this article are based on this wizard. If you have an older version of Azure AD Connect installed, you need upgrade it to 1.1.819 or higher. If installing the latest version of Azure AD Connect is not an option for you, see [how to manually configure hybrid Azure AD join](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-manual).
62
62
63
63
Hybrid Azure AD join requires the devices to have access to the following Microsoft resources from inside your organization's network:
64
64
@@ -68,9 +68,9 @@ Hybrid Azure AD join requires the devices to have access to the following Micros
68
68
- Your organization's STS (federated domains)
69
69
-`https://autologon.microsoftazuread-sso.com` (If you are using or planning to use Seamless SSO)
70
70
71
-
Beginning with Windows 10 1803, if the instantaneous Hybrid Azure AD join for federated environment using AD FS fails, we rely on Azure AD Connect to sync the computer object in Azure AD that is subsequently used to complete the device registration for Hybrid Azure AD join. Verify that Azure AD Connect has synchronized the computer objects of the devices you want to be hybrid Azure AD joined to Azure AD. If the computer objects belong to specific organizational units (OU), then these OUs need to be configured for synchronization in Azure AD connect as well. To learn more on how to syncronize computer objects using Azure AD Connect, see the article on [Configure filtering using Azure AD Connect](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#organizational-unitbased-filtering).
71
+
Beginning with Windows 10 1803, if the instantaneous Hybrid Azure AD join for federated environment using AD FS fails, we rely on Azure AD Connect to sync the computer object in Azure AD that is subsequently used to complete the device registration for Hybrid Azure AD join. Verify that Azure AD Connect has synchronized the computer objects of the devices you want to be hybrid Azure AD joined to Azure AD. If the computer objects belong to specific organizational units (OU), then these OUs need to be configured for synchronization in Azure AD connect as well. To learn more on how to synchronize computer objects using Azure AD Connect, see the article on [Configure filtering using Azure AD Connect](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#organizational-unitbased-filtering).
72
72
73
-
If your organization requires access to the Internet via an outbound proxy, Microsoft recommends [implementing Web Proxy Auto-Discovery (WPAD)](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc995261(v%3dtechnet.10)) to enable Windows 10 computers to do device registration with Azure AD. If you are encountering issues with configuring and managing WPAD, go to [troubleshooting automatic detection](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc302643(v=technet.10).
73
+
If your organization requires access to the Internet via an outbound proxy, Microsoft recommends [implementing Web Proxy Auto-Discovery (WPAD)](https://docs.microsoft.com/previous-versions/tn-archive/cc995261(v%3dtechnet.10)) to enable Windows 10 computers to do device registration with Azure AD. If you are encountering issues with configuring and managing WPAD, go to [troubleshooting automatic detection](https://docs.microsoft.com/previous-versions/tn-archive/cc302643(v=technet.10).
74
74
75
75
If you are not using WPAD and need to configure proxy settings on your computer, you can do so starting with Windows 10 1709, by [configuring WinHTTP settings using a group policy object (GPO)](https://blogs.technet.microsoft.com/netgeeks/2018/06/19/winhttp-proxy-settings-deployed-by-gpo/).
76
76
@@ -156,7 +156,7 @@ To register Windows down-level devices, organizations must install [Microsoft Wo
156
156
157
157
You can deploy the package by using a software distribution system like [System Center Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager). The package supports the standard silent installation options with the quiet parameter. The current branch of Configuration Manager offers benefits over earlier versions, like the ability to track completed registrations.
158
158
159
-
The installer creates a scheduled task on the system that runs in the user context. The task is triggered when the user signs in to Windows. The task silently joins the device with Azure AD with the user credentials after authenticating with Azure AD.
159
+
The installer creates a scheduled task on the system that runs in the user context. The task is triggered when the user does a sign in to Windows. The task silently joins the device with Azure AD with the user credentials after authenticating with Azure AD.
0 commit comments