Troubleshooting Hybrid Azure AD Intune Automatic Enrollment

As I have blogged about a lot, there are a bunch of hoops to be jumped through and prerequisites to be met for a successful hybrid Azure AD join and automatic, GPO-invoked Intune enrollment. But sometimes, you have to go back to the basics when you're banging your head off the table, and laugh off the embarrassment of not checking the fundamentals. I was recently setting up hybrid Azure AD join and Intune enrollment,…
Understanding Modern vs. Legacy Authentication in Microsoft 365

Since October 2019, Microsoft has enabled Security Defaults by default in new Microsoft 365 tenants. Security Defaults are a group of best-practice security settings, and one of note is the blocking of all legacy authentication; modern authentication, for its part, has been enabled by default in Exchange Online and SharePoint Online since August 2017. The term legacy authentication doesn't refer to one particular protocol, but rather to any authentication flow that cannot enforce Multi-Factor Authentication (MFA), basic (username and password) authentication being the typical case. Protocols that support…
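Because "legacy authentication" is a class of client protocols rather than one protocol, the practical check is to look at which sign-ins used a client that cannot be challenged for MFA. The script below is an added example and not part of the original post: it classifies sign-in records by the "client app used" value that Azure AD writes to its sign-in logs, where modern clients are recorded as exactly two values (Browser, and Mobile Apps and Desktop clients) and everything else (IMAP4, POP3, Authenticated SMTP, Exchange ActiveSync, Other clients, and so on) is legacy. The users, tenant name and records are constructed sample data so that it runs offline; the function names are mine.

```powershell
# Added example (not from the original post): report legacy-authentication
# sign-ins from a set of Azure AD sign-in records.
# Azure AD labels modern clients with exactly these two "client app used"
# values; any other value is a protocol that cannot be prompted for MFA.
$ModernClientApps = @('Browser', 'Mobile Apps and Desktop clients')

function Test-LegacyAuth {
    param([Parameter(Mandatory)][string]$ClientAppUsed)
    return ($ModernClientApps -notcontains $ClientAppUsed)
}

function Get-LegacyAuthSummary {
    # Expects objects with UserPrincipalName, AppDisplayName, ClientAppUsed
    # and CreatedDateTime, i.e. the shape of a sign-in log export.
    param([Parameter(Mandatory)][object[]]$SignIns)
    $SignIns |
        Where-Object { Test-LegacyAuth -ClientAppUsed $_.ClientAppUsed } |
        Group-Object UserPrincipalName, ClientAppUsed |
        ForEach-Object {
            [pscustomobject]@{
                User      = $_.Group[0].UserPrincipalName
                ClientApp = $_.Group[0].ClientAppUsed
                Count     = $_.Count
                LastSeen  = ($_.Group | Sort-Object CreatedDateTime -Descending)[0].CreatedDateTime
            }
        } |
        Sort-Object Count -Descending
}

# Constructed sample records (hypothetical users and tenant), shaped like a
# sign-in log export, so the script runs without a tenant connection.
$sample = @'
[
  {"UserPrincipalName":"alice@contoso.example","AppDisplayName":"Office 365 Exchange Online","ClientAppUsed":"IMAP4","CreatedDateTime":"2020-03-01T08:00:00Z"},
  {"UserPrincipalName":"alice@contoso.example","AppDisplayName":"Office 365 Exchange Online","ClientAppUsed":"IMAP4","CreatedDateTime":"2020-03-02T08:00:00Z"},
  {"UserPrincipalName":"bob@contoso.example","AppDisplayName":"Office 365 SharePoint Online","ClientAppUsed":"Browser","CreatedDateTime":"2020-03-02T09:00:00Z"},
  {"UserPrincipalName":"scanner@contoso.example","AppDisplayName":"Office 365 Exchange Online","ClientAppUsed":"Authenticated SMTP","CreatedDateTime":"2020-03-02T10:00:00Z"},
  {"UserPrincipalName":"bob@contoso.example","AppDisplayName":"Microsoft Teams","ClientAppUsed":"Mobile Apps and Desktop clients","CreatedDateTime":"2020-03-02T11:00:00Z"}
]
'@ | ConvertFrom-Json

# Bob's browser and Teams sign-ins are modern and drop out; alice (IMAP4, twice)
# and the scanner account (Authenticated SMTP) are what would break when
# Security Defaults or a Conditional Access policy blocks legacy authentication.
Get-LegacyAuthSummary -SignIns $sample | Format-Table -AutoSize
```

To run this against real data, replace `$sample` with an export of the tenant's sign-in logs; with the Microsoft Graph PowerShell module that is `Get-MgAuditLogSignIn -All` after `Connect-MgGraph -Scopes AuditLog.Read.All,Directory.Read.All`, which returns objects with the same property names used above. Do this before turning on Security Defaults: the accounts that appear in the summary (service accounts on SMTP, old mail clients on IMAP/POP) are exactly the ones that will stop working.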
Hybrid Azure AD Join + Intune Enrollment – Prerequisites Checklist and Process Flow

I'm a simple person, and sometimes it just helps to have a checklist to refer to when you're troubleshooting rather than navigating the sparse pages of docs.microsoft.com. In this blog, I explain the prerequisites for the Hybrid Azure AD Join (HAADJ) + automatic (GPO controlled) Intune MDM enrollment scenario and the process from start to end, as simply and concisely as I can (not easy!). There are no screenshots and it's not a click-by-click:…
Register Domain-Joined Computers as Devices – The Redundant and Broken Hybrid Azure AD Join GPO

The group policy object Register domain-joined computers as devices, or Automatically workplace join client computers in older templates, was previously a requirement for enabling Hybrid Azure AD Join. After configuring Azure AD Connect and your Seamless SSO GPOs, this had to be enabled. Since Windows 10 1607 ("Anniversary Update"), in Azure AD Connect environments, on-premises Active Directory joined computers become Azure Active Directory registered when a synchronised user signs in to a synchronised computer;…
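The fundamental check behind both the troubleshooting post above and this GPO discussion is the device's own view of its join state, which `dsregcmd /status` prints as `Key : Value` lines. The script below is an added example and not code from the original posts: it parses that output and tells you whether the machine is hybrid Azure AD joined, merely Azure AD registered on top of its domain join (the "dual state" the legacy GPO produces), or domain joined and still waiting for the automatic join. The function names are mine, and the embedded status text is a constructed sample so the script runs offline; on a real machine feed it `dsregcmd /status | Out-String`.

```powershell
# Added example (not from the original posts): classify a device's join state
# from the output of `dsregcmd /status`.
function ConvertFrom-DsregStatus {
    # dsregcmd prints sections of "   Key : Value" lines; collect them into a
    # flat hashtable and ignore the box-drawing and section headers.
    param([Parameter(Mandatory)][string]$StatusText)
    $state = @{}
    foreach ($line in ($StatusText -split "`r?`n")) {
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-JoinState {
    param([Parameter(Mandatory)][hashtable]$State)
    $domain = $State['DomainJoined']   -eq 'YES'
    $aad    = $State['AzureAdJoined']  -eq 'YES'
    $wpj    = $State['WorkplaceJoined'] -eq 'YES'

    if ($domain -and $aad) {
        $verdict = 'Hybrid Azure AD joined'
    } elseif ($domain -and $wpj) {
        # The state the old "Register domain-joined computers as devices" GPO
        # leaves behind: a workplace-join registration instead of a device join.
        $verdict = 'Domain joined but only Azure AD registered (dual state): remove the registration and let the Automatic-Device-Join task complete the hybrid join'
    } elseif ($domain) {
        $verdict = 'Domain joined, not yet hybrid joined: check the computer object is synced by Azure AD Connect, the SCP is present, and the Microsoft\Windows\Workplace Join\Automatic-Device-Join scheduled task has run'
    } elseif ($aad) {
        $verdict = 'Azure AD joined (cloud only), not hybrid'
    } else {
        $verdict = 'Not joined to a domain or to Azure AD'
    }

    [pscustomobject]@{
        DomainJoined    = $domain
        AzureAdJoined   = $aad
        WorkplaceJoined = $wpj
        # MdmUrl is populated once the device has picked up an MDM enrollment
        # URL; empty here means the GPO-driven Intune enrollment has not happened.
        MdmUrl          = $State['MdmUrl']
        Verdict         = $verdict
    }
}

# Constructed sample (hypothetical machine) mimicking the dual-state case.
$sampleStatus = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

                    NgcSet : NO
           WorkplaceJoined : YES
             WamDefaultSet : NO
                AzureAdPrt : NO
'@

$state = ConvertFrom-DsregStatus -StatusText $sampleStatus
Get-JoinState -State $state | Format-List

# On a real machine:
# Get-JoinState -State (ConvertFrom-DsregStatus -StatusText (dsregcmd /status | Out-String)) | Format-List
```

The sample deliberately shows the state the redundant GPO produces: DomainJoined YES, AzureAdJoined NO, WorkplaceJoined YES. If you see that on a real device, the fix is in the state, not in the GPO: leave the GPO unconfigured, clear the registration, and let the scheduled task perform the join.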