Windows 10: What is the best course of action to implement passwordless for hybrid joined devices?

I have reviewed the official documentation, but I am uncertain about the best way to set up passwordless authentication for Windows and MacOS devices that are connected to an on-premises Active Directory. The challenge is that users are connected to both Entra ID and the on-premises environment. Currently, users are authenticated through the Active Directory when logging in to the device, and through Entra ID for all cloud resources.

:)

 

Intune Hybrid Join, MDM „None"by AD Devices but by AAD Devies „Intune"

Dear Microsoft Community,

Unfortunately we are having some issues with the Hybrid Join setup where we are not able to verify them.

The devices are joined from Active Directory Hybrid into Azure Active Directory and are stored there as such. We have the Education E5 license and therefore all permissions for Intune. Unfortunately, only devices with the Azure AD Joined join type are synced into Intune and for those Intune is entered as MDM, as we would like for all devices. But devices that are Hybrid Azure AD joined, can not be managed in Intune and as MDM is None.The MDM server URL is stored as it is in the documentation.We are currently trying to verify what it could be because we had built a test site and in this everything worked.

We suspect that it could be because Internet Explorer is globally disabled and therefore the URLs for the Intune Sync can not be called.

unfortunately I could not upload any screenshots. Therefore I briefly describe the components:

• Azure Ad Connect is Activ ( no Erros )
  
• Intune Connector is Activ ( no Errors )
  
• MDM default settings in portal.azure ( no Errors )
  
• Deployment Profile is activ ( Hybrid Azure AD joined )
  
• Monitoring logs also just succeed, no mistake. But the AD devices are trying to sync because initially "Pending" is displayed.
  
  and then change to "None
  

I hope you can help me with this problem and thank you for your help.

 

Windows 10 - Hybrid Joined Machines - Intune Bitlocker

Goal: To deploy Bitlocker via Intune to both Hybrid Joined / AzureAD joined windows 10 devices.

Issue - Currently seeing errors for machines relating to password rotation in the configuration of most workstations.

Error:

-2016281112 (Remediation failed)

ERROR CODE

0x87d1fde8

ERROR DETAILS

Remediation failed

The encryption appears to be taking place, but the password rotation is failing. Any suggestions would be appreciated. I've googled for several days at this point.

 

Join Workplace on Domain PC

Hi Harish,



Thank you for writing to Microsoft Community Forums.



We understand that the domain joined computer is prompting a notification related to Workplace Join. In this case, let me help to point you in the right direction where you should get the appropriate assistance for issues related to domain environment.



I would suggest you to post your query in
TechNet Forums, where we have a dedicated team of professionals to help you with queries related to Workplace Join.



Meanwhile, if it may help, you can check the following documents.

• Walkthrough: Workplace Join with a Windows Device
  
• Join
  to Workplace from Any Device for SSO and Seamless Second Factor Authentication Across Company Applications
  
• How To: Plan your hybrid Azure Active Directory join implementation
  

Regards,

Prakhar Khare

Microsoft Community – Moderator