Windows 10: FIDO2 Windows login on hybrid joined devices not working when no on-prem AD in sight

Discuss and support FIDO2 Windows login on hybrid joined devices not working when no on-prem AD in sight in Windows 10 Software and Apps to solve the problem; We have hybrid joined computers and try to implement FIDO2 login for Windows logins. We have followed the instructions and it all worked fine. But we... Discussion in 'Windows 10 Software and Apps' started by Admin Robin Thomsen, Feb 27, 2025.

  1. FIDO2 Windows login on hybrid joined devices not working when no on-prem AD in sight


    We have hybrid joined computers and try to implement FIDO2 login for Windows logins. We have followed the instructions and it all worked fine. But we now start to have some devices (not users) that can't use the FIDO2 login when they don't have the on-prem AD in sight. It seems like these devices don't store the information needed in order to enable an offline login via FIDO2. Is there a way to influence that behavior?

    :)
     
    Admin Robin Thomsen, Feb 27, 2025
    #1

  2. Azure AD Hybrid environment with on prem

    I have an existing domain in PA but I want to avoid purchasing a lot of equipment to start a domain in MIA. If I were to choose Azure AD instead of purchasing an on-prem server and a server license, purchasing all the equipment needed for an on-prem setup isn't necessary; can I create a Hybrid Environment where I have Azure AD for any other location and an on-prem server in one?
     
    Bakemanbake, Feb 27, 2025
    #2
  3. Dino-M Win User
    Disconnecting on prem AD and then joining Azure AD creates new Windows profile?

    Hello everyone,

    I have a question about joining computers in my firm from on-prem AD to Azure AD. When someone new arrives at our firm (new employee), there is a fresh installation of Windows 10. It is easy to join Azure AD because it is a fresh start, but now we have to migrate all Windows 10 users that are on on-prem AD to Azure AD. When I disconnect those users from our local on-prem AD and join them to Azure AD, a whole new Windows 10 profile is created, without any of the settings, data or anything else on that profile (a clean profile with a few applications that are installed computer-wide). So my question is, is there any solution to keep their profile settings from before they joined Azure AD? Or will I have to simply tell them to back up everything (essential data)?

    What I tried so far:

    • Tried tools for migration like ForensiT (User Profile Wizard, User Profile Manager and Transwiz, just to see if it is going to work) - not successful
    • Tried changing the profile path from the registry - not successful
    • Tried logging in with the old credentials, example: CONTOSO\user (because after I joined that computer to Azure AD the user should log in as *** Email address is removed for privacy ***) - not successful
    Is there anything else I can try? Thanks for your answers.
     
    Dino-M, Feb 27, 2025
    #3
  4. FIDO2 Windows login on hybrid joined devices not working when no on-prem AD in sight

    Intune Hybrid Join, MDM "None" by AD Devices but by AAD Devices "Intune"

    Dear Microsoft Community,

    Unfortunately we are having some issues with the Hybrid Join setup where we are not able to verify them.

    The devices are joined from Active Directory Hybrid into Azure Active Directory and are stored there as such. We have the Education E5 license and therefore all permissions for Intune. Unfortunately, only devices with the Azure AD Joined join type are synced into Intune, and for those Intune is entered as MDM, as we would like for all devices. But devices that are Hybrid Azure AD joined cannot be managed in Intune, and their MDM is None. The MDM server URL is stored as it is in the documentation. We are currently trying to verify what it could be, because we had built a test site and in this everything worked.

    We suspect that it could be because Internet Explorer is globally disabled and therefore the URLs for the Intune Sync can not be called.

    Unfortunately I could not upload any screenshots. Therefore I briefly describe the components:

    • Azure AD Connect is active (no errors)
    • Intune Connector is active (no errors)
    • MDM default settings in portal.azure (no errors)
    • Deployment Profile is active (Hybrid Azure AD joined)
    • Monitoring logs also just succeed, no mistake. But the AD devices are trying to sync, because initially "Pending" is displayed and then changes to "None".
    I hope you can help me with this problem and thank you for your help.
     
    Sven Kufner, Feb 27, 2025
    #4