This is so helpful as someone who is looking to migrate from AD to AAD.
Hi Andy. Great videos by the way. Just for clarity, you absolutely can manage machines that are Azure AD Hybrid joined using Intune. We do exactly this. You need to enable a group policy that enrolls the device in MDM first. The setting is under Computer\Windows Components\MDM 'Enable Automatic MDM Enrolment using default Azure AD credentials'. Our client machines are currently joined to our on premise AD but are co managed in Intune, the idea being that we slowly but surely shift management of the endpoints away from group policy and into Endpoint Manager over time. Eventually, we'll be in a position to have all our endpoints completely cloud native ☁️
You are indeed partly correct. SCCM in hybrid or co management allows you to SEE both segments for convenience. But I am correct when I say only either AD or AAD can authenticate. Current branch mode allows you to manage both in either product, to a point for convenience. But ultimately it’s not a long term solution. That said you make some great points and I really appreciate the comment👍😊
@@AndyMaloneMVP Absolutely. With the rise of work from home and client mobility, endpoints have to be cloud native going forward and that is our goal. Cheers!
Agreed!
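Added example (not part of the comment thread or the video): a PowerShell check for the two things this thread turns on, namely the join type a device reports in `dsregcmd /status` and whether the automatic MDM enrolment group policy named above is set. The function names are hypothetical and the sample output is constructed; on a machine without `dsregcmd.exe` the script falls back to that sample.

```powershell
# Added example, not from the video or the commenters. Function names are
# hypothetical; the sample dsregcmd output below is constructed.

$SampleStatus = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
           WorkplaceJoined : NO
'@

function ConvertFrom-DsregStatus {
    # Turn "  Key : Value" lines into a hashtable. Banner lines, blank lines
    # and keys with an empty value do not match and are skipped.
    param([string[]]$Lines)
    $fields = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(?<key>[A-Za-z]\w*)\s+:\s+(?<value>\S.*?)\s*$') {
            $fields[$Matches['key']] = $Matches['value']
        }
    }
    $fields
}

function Get-DeviceJoinType {
    # Map the three YES/NO flags onto the join types discussed in the thread.
    param([hashtable]$Fields)
    $aad       = $Fields['AzureAdJoined']   -eq 'YES'
    $domain    = $Fields['DomainJoined']    -eq 'YES'
    $workplace = $Fields['WorkplaceJoined'] -eq 'YES'

    if ($aad -and $domain) { return 'Hybrid Azure AD joined' }
    if ($aad)              { return 'Azure AD joined' }
    if ($domain)           { return 'On-premises AD joined only' }
    if ($workplace)        { return 'Azure AD registered (BYOD)' }
    return 'Not joined or registered'
}

function Test-MdmAutoEnrollPolicy {
    # Registry value written by the group policy "Enable automatic MDM
    # enrollment using default Azure AD credentials".
    $key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    return [bool]($policy -and $policy.AutoEnrollMDM -eq 1)
}

# Use the live tool when present, otherwise the constructed sample.
$live   = [bool](Get-Command dsregcmd.exe -ErrorAction SilentlyContinue)
$lines  = if ($live) { dsregcmd.exe /status } else { $SampleStatus -split "`n" }
$fields = ConvertFrom-DsregStatus -Lines $lines

[pscustomobject]@{
    Source           = if ($live) { 'live dsregcmd' } else { 'constructed sample' }
    JoinType         = Get-DeviceJoinType -Fields $fields
    # A URL here means the tenant offers an MDM enrolment endpoint to this
    # device; it does not by itself prove that the device is enrolled.
    TenantMdmUrl     = $fields['MdmUrl']
    AutoEnrollPolicy = if ($live) { Test-MdmAutoEnrollPolicy } else { 'n/a (sample)' }
}
```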
Hey Andy, love your work. Doing some Intune work with hybrid devices and would love an updated version of this ;)
You help me and my partner so much in getting our O365 to Intune. Part of our CMMC certification and securing our tenant.
My pleasure and you’re very welcome. The very best of luck 😊
I'm a subscriber of your channel, and I will follow you all of the time. I do appreciate all of your videos. Continue.
Thank you most kindly and I really do appreciate your support 👍😊
@@AndyMaloneMVP I am sure we will talk one day soon, personally
@@emmanuelchrispher8958 why not, we’re all human 😊 Have a great day 👍
Another cracking video Andy!
Thanks Tony👍😀
Hi Andy, What is the downside of joining my 90 odd PC's and Laptops to Hybrid Azure AD? I want to get rid of Sophos Intercept X (cost) and use Microsoft Defender/Endpoint instead (that we are already licensed for), and for that we need to go down the route of enrolling in Intune. The process seems easy enough to do (via our already running AAD Connect on a DC) but you seem (from what you said at the start) to not like Hybrid joining? I am in no real hurry or any real desire to give up my On-Prem environment with all my GPO's, fileshares, SQL based accounting package etc ;)
Hi Dave. This is a question I asked a lot :-) Personally I think there is very little in having client PCs hybrid joined. Yes you can apply conditional access policies. But in terms of management it's expensive with the fact that it's managed on-prem with SCCM & Intune Add ins. If you Azure AD join your PCs directly you can migrate group policy settings across and it's already configured for SSO AND you can manage it directly from the cloud. You don't need Sophos as Windows Defender rocks. That's my opinion :-)
Hope to be a guru one day thanks to you. For now just a basic computer technician. Just discovered your channels a few days ago and subscribed right away. Thanks
Live the dream my friend. Great to have you on board 🙂
Today, I was testing a PC to join AAD (we usually do the Autopilot route), but I couldn't see the "Join this device to Microsoft Entra ID", just missing. I found a forum where somebody mentioned switching the workgroup from WORKGROUP to MSHOME, so I tried that. After the reboot, I was able to see the option. Do you know if this is documented somewhere?
Unfortunately, this is common knowledge. Once a machine has been deployed with Active Directory you need to re-image that machine.
Hi Andy, this is great man! Keep it up. Thank you for this amazing video.
Thanks Nick, you’re very welcome 😊
Great informative video sir! Many thanks.
Great learning videos, thanks for uploading them Andy
My pleasure!
Hi Andy, Great Video. My tenant has a whole bunch of devices I have connected to the basic Azure AD, I want to move them to Intune. What's the process to move them from Azure to Intune?
Assign a licence. Follow the documentation. techcommunity.microsoft.com/t5/microsoft-intune/onboarding-devices-from-aad-to-intune-and-beyond/m-p/3697731 and here call4cloud.nl/2020/05/intune-auto-mdm-enrollment-for-devices-already-azure-ad-joined/
Hello Andy
Give me answer please
I have a very basic requirement that normal users cannot install any software without admin privileges.
Please guide me.
As some policy I used but it restricts only from installing apps from the Windows app store only but over all so when they need I can use admin privileges to install any software or application in Windows Intune devices
It appears that there is obviously a restriction in place here. You need to have some form of admin privileges to continue. If you want to learn the subject, I recommend creating a Microsoft 36 E5 subscription with EM&S as this will allow you to practice. You can also check out the full learning content at lauren.microsoft.com. I wish you the very best of luck 👍
@@AndyMaloneMVP
Mentioned URL is not working
@@Naveed67857 the dangers of speaking text messages, it should have been learn.microsoft.com
@@AndyMaloneMVP
Thank you for your kind reply.
Please recommend some channel that will help me to deploy Microsoft Intune; focus will be on Windows 10 and 11.
I have gone through Intune videos but I need further training
@@Naveed67857 not sure I’m afraid. I do included but it’s not dedicated. If I find something I’ll let you know.
Many thanks for your work and efforts. I've read that Hybrid Azure AD joined devices require network line of sight to your on-premises domain controllers periodically. If I've added a device to on-prem AD and logged in under a domain user, then that device has been given to the user who won't have that periodic connectivity. Does it mean that after some time that user won't be able to log in under the domain account?
Not at all. However, after a period of time has gone by the user may have to re-authenticate using multifactor authentication.
Hi Andy, why is the Azure user JoniS an administrator after the device has been registered with the name?
It's the same for me, but that can't quite fit if JoniS is not an administrator at all.
I couldn't register the device with a local account, so not admin. The selection for this was not displayed.
This would not happen today. Use the LAPS service in Intune. Read the documentation at learn.microsoft.com
Hi Andy, great video. I have 40 laptops not in On-premise AD and 40 in On-premise AD. We like to use Intune for management. How do we go from here? AD server is Windows 2022. All run Win 10 and 11 (with Office 365 business premium)
I'm thinking of letting all laptops join Azure AD and connect the AD server to Azure. That will give a mix of computers only in Azure AD and some in On-premise AD, connected to Azure. Will that work? Or do we need to let all devices join on-premise AD before connecting the server to Azure?
Thanks very much for your question. The answer is absolutely you can set these up to talk to Azure AD. I think you’ll find this playlist really helpful for you: th-cam.com/play/PLEgclf_4HA-iIHhRTlzgZOIIxJ--Pxz9C.html
I enjoy your videos, I have one question: do you have to use answer files with deploying software apps in Intune?
No
After azure joining what credentials did you sign back with? AD credentials or Entra ID credentials?
EntraID
Hi Andy, is it possible to add a device to Intune after they are already registered with Azure AD? I have enabled MDM for some users, added a security group, and included the users in the security group. However, when the user logs on, their Azure AD device doesn't enrol in Intune. All users have Office 365 premium licenses.
Not the same device but other devices yes
@@AndyMaloneMVP Thanks
Hi Andy, as always a fantastic insight.
However, I have a question that no one putting up videos of Azure AD joining seems to cover.
When you login to a device as the admin and join a standard user to AAD, it seems to then turn them into an administrator (presumably of the device they are logged in to). This can't be a good practice, surely. So how do you join them as standard users?
This is a common one. In the Intune autopilot OOBE (out of the box) settings there is an option to install as regular user or local admin. I’ll bet you’ve chosen the latter by mistake. joymalya.com/manage-local-admin-accounts-with-intune/ & here docs.microsoft.com/en-us/answers/questions/129120/enabling-local-administrator-account-on-windows-10.html
Questions:
1. Can I use Intune to deploy apps to the Hybrid Azure AD Joined Devices?
2. Other than using GP, can I set configuration profiles in Intune and deploy to the Hybrid Azure AD Joined Devices?
No, and no, I’m afraid. Intune works with Entra ID joined devices and users need an appropriate license. As I’ve mentioned in the video, hybrid devices are managed by Active Directory, not Intune. You can see limited attributes in the device pane of the user account and can use conditional access. However, to get the full benefit you require Intune. Device profiles are managed by enterprise state roaming and Intune.
I'd like to thank you for these great efforts, it's very helpful
You’re very welcome and thanks for your kind comments. I’m delighted you’re enjoying the content. All the best, Andy 😊
This video was meant for me, no doubt about it. Our organization recently implemented a Teams VoIP telephony with Yealink desk phones. The issue we are experiencing is some devices are not completing the sign up process on Company Portal for Intune and these are all Android OS devices. Is it possible, Andy, to do a video on enrollment of Teams Android based desktop phones which will include MDM & Conditional Access of these devices?
Hey thanks for the nice comment and great to have you on board. I recorded a video on Teams voice a while back. You should check it out. I’ll be honest here, when I get specific requests like this it’s tricky as some features even I don’t use. Android being one of them. So I’m really sorry, like I’ve said I’m an instructor and a support help desk and although I try my best, sometimes I can’t fulfil every request, I hope you understand. Good resources for you though would be docs.microsoft.com and the Microsoft tech community. Also make sure all of your users are licensed. Good luck 👍😊
@@AndyMaloneMVP thanks maine for your honest response will post my issue in community
The video is indeed for me... Thank you so much for your efforts. One question from my end. How will we join AD installed in Server 2012 users and computers to AAD? Will the existing Group Policies apply post sync to AAD? Or do we need to add different roles to Computers/Devices in AAD for managing them?
Thanks for the question. Here is a video on Azure AD Connect. This is the tool that sets up a hybrid connection. In terms of group policy you can either use the group policy analytics tool in Intune that can help migrate policies. Or just start fresh. th-cam.com/video/muHVbeONGqA/w-d-xo.html Either way, check out docs.microsoft.com, they have some great documentation 😊👍 Good luck
Hi Andy, does each user who logs into a device managed by Intune need to have an Intune license or just the admin has to have it? Thank you
It’s per user licensing, I’m afraid.
Thank you for the video Andy, is there any way to unjoin on-premises devices and join them to Azure AD without having users create a new profile?
Unfortunately not. That said it’s the device that you're authenticating, not necessarily the user
@@AndyMaloneMVP Thank you for the quick reply Andy. The devices are assigned to the user and my idea is to eventually turn off the on-premises AD.
@@sastreaj Your users can be Active Directory joined but the devices can be Azure AD joined. I would advise you also to take a quick look at docs.microsoft.com; this is the definitive repository for all documentation for Microsoft 365. If there is an answer, this is where you’ll find it.
You’re totally correct Andy. I now get it, I didn’t see it like that. I’ll worry about joining the device and keep the user in AD.
@@sastreaj No worries and thanks for the question 😊👍
Thank you for information Andy, it is very clear and easy to understand.
Could you please explain the difference between accessing corporate data on a personal laptop if using the Microsoft Company Portal app compared to the option within 'Settings' > Account > 'Add a Work or School account'?
The company portal allows you to access content in a bubble. For example, when you open documents, it opens it within a portal. You cannot cut copy or paste content or take screenshots from within the portal to other applications. Thus ensuring security. This is perfect in a BYOD environment. In a full corporate deployment, the entire device is managed by corporate, i.e. all the settings and configuration. I hope this helps and thanks again, Andy
@@AndyMaloneMVP Thank you Andy for your reply and help. Does Azure or Endpoint/Intune give you the option to enforce a policy whereby any staff using a personal laptop and wishing to access Work Emails/Organisation OneDrive/Corporate MS Teams account must use the Microsoft Company Portal app? Therefore preventing staff from simply accessing business Office365 applications from the browser on their personal laptop.
@@kb8570 it does yes. For noncorporate devices, however, conditional access guest policies are really good.
@@AndyMaloneMVP Thank you Andy. I will see what I can do with conditional access. I am a newbie and just started working with Endpoint and Azure. Thank you for your videos!
Great Andy! Thanks
You’re welcome 😊👍
Thank you for that info, what is the difference between account protection Intune vs Device administrators?
Admin roles allow you to delegate specific admin roles to users. See the doc here docs.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control whereas account protection policies are a new preview feature (not reviewed by me yet) details here docs.microsoft.com/en-us/mem/intune/protect/endpoint-security-account-protection-policy#:~:text=Use%20Intune%20endpoint%20security%20policies,Microsoft%20Endpoint%20Manager%20admin%20center. Device admin role here docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin
@@AndyMaloneMVP thank you for the reference
@@mikemiguelhije2780 you’re very welcome 👍😊
Hi Andy, what about Azure registered devices? It's registered the same way as Azure joined. I can't really see the difference. Thank you for your informative videos!
Azure AD registered devices work in the same way. Except, that when you deploy applications, they appear in a portal on the user's phone. Do you remember that registered devices are BYOD or bring your own device and are owned and managed by us, not corporate.
@@AndyMaloneMVP Thank you, Andy!
Hi Everyone,
I just upgraded our users from Windows 11 Home to Windows 11 Pro. Some were able to join "Join this device to Azure Active Directory" but two of our users don't have the "Join this device to Azure Active Directory" option.
I suspect because the home edition is not comparable
When joining Azure AD, what happens to the computer local user accounts - are they still there?
Yes they are. You can disconnect if you wish. Also Intune provides full policy control.
Why can I not use Group accounts to assign to "Device Administrator, Assignments"? It only shows users.
You are correct.
Awesome Video
The Best!!!
Say you have a small office of around 25 workers (to be 30 next year) and they work in 3 shifts and only 10 laptops that are shared at each shift.
- Can we prevent users from joining devices to Azure AD or Intune?
- Can an admin join them to Azure AD + Intune, and allow the staff to sign in to any of the devices using their Azure account and allow their settings to follow them?
- I don't want an ADDS Server, just Cloud only system { Microsoft 365 Apps }
You can set that only specific users can do an Azure AD domain join. In my video chat did all. But you can select specific users. Also specific admins as well. In terms of using laptops which are shared you may want to take a look at this. I think you’ll find it useful: docs.microsoft.com/en-us/mem/intune/configuration/shared-user-device-settings
How to join the device as standard user type using the Azure Active Directory method?
School and workplace join in Windows 11. You can join a device as long as you are authorised.
Hi - I have a question, maybe someone has an answer - I tried to connect my laptop to a customer's Azure network and got a message on the screen that my laptop is registered with another Azure domain and welcomed me to connect to that Azure domain - any ideas what it is - some kind of protection? Thanks a lot!
I'll bet that the laptop you're using is connected to your Microsoft 365 account. You can tell if you go into a web browser to portal.office.com. If it does not prompt you for a username etc., you're already connected. Another way is to go into accessories - Accounts - School and workplace join. If you're already connected you'll see the account details here. Another obvious Q, what edition of Windows are you using? Pro or Enterprise. As I said in the video Win 10/11 devices can only be connected to one domain at a time. Either On prem Windows Server AD or Azure AD (Microsoft 365). I hope this helps and good luck.
@@AndyMaloneMVP This laptop doesn't have MS 365 installed, it was returned from the rent and fresh Win10Pro installed - also doesn't have any connections to any domains so far. I guess Azure uses some hardware identification/authorisation since how the current Azure domain (to which I'm going to connect) knows about the old one and doesn't allow me to connect?
Sounds like the OS build has some kind of connection built in. I'd take it to support to be checked. Also perhaps you don't have admin rights.
@@JohnieDSM I’m sorry sounds like you need to go to a support specialist. Best of luck 😊
So outside conditional access there's no real point to have Azure AD devices being hybrid enrolled?
Agreed😊👍
Cool 😊
6:00 The Azure Directory option has been removed. When I log into my work account that account is added to my personal Microsoft account. I cannot then log in or out the two accounts as I used on Win 10. I see one log in with 2 accounts. This is NUTS ! EDIT - I am using Win 11 Home, I presume I need to install Win 11 Pro to get Azure?
I think you answered your own question. Does not support home. Sorry.
@8:40 😍😍✔✔
Hi sir, this is Anandhakumar from Chennai, India. I am learning Windows Server. How do I get a job abroad? Is there any app in the Play Store?
Not sure about apps, but there are plenty of sites that can help you. Earlier this year I recorded a session on how to get certified. I put lots of tips and advice into that. You can find it here. th-cam.com/video/qA5Hy36onbw/w-d-xo.html I wish you the very best of luck my friend 👍😊
How to Microsoft Entra join an existing Windows Server VM?
This was the video
How can you do this without knowing Joni's or Aaron's passwords?
Because I’m deploying the machine, not logging on the users. The user would still log on with the credentials.
how do you enable Intune Auth?
A user must have an Azure AD account and the device must be Azure AD joined then the user just signs in using standard single sign on. Check out docs.microsoft.com for more details.
Thanks a lot
10:14 I wish you showed how this was actually done!
I did
It doesn't make sense having usernames like that