Over the coming weeks, we will explore the concept of authenticating users to domain resources from an Azure AD Joined device. This first post in the series will give an overview of how SSO to domain resources works from an Azure AD Joined device. Many organizations still question how best to achieve this and often try “Hybrid Azure AD Join” for their devices – which is absolutely not a requirement. If you already have a VPN connection – great, most of your work has been done. For those who are still considering how to make a VPN connection, we will walk through how to deploy a Microsoft Always On VPN (AOVPN) solution together with the other necessary components and configuration, including Network Policy Server (NPS), Routing and Remote Access (RRAS), Extensible Authentication Protocol (EAP), Network Device Enrollment Service (NDES), Simple Certificate Enrollment Protocol (SCEP) and Microsoft Endpoint Manager Intune.

In summary, the 9 part series will cover:

- Install Azure AD Application Proxy to publish the Network Device Enrollment Service (NDES).
- Configure the Network Device Enrollment Service (NDES).
- Configure the Network Policy Server (NPS).
- Configure Active Directory and Certificates.
- SSO to domain resources from Azure AD Joined Devices Overview.
- Configure Certificate Templates in Intune.
- Create a Simple Certificate Enrollment Protocol (SCEP) Profile in Intune.
- Creating the Always On VPN Profile in Intune.

There will be an assumption that you already have a Certificate Authority present in your domain and are running Azure AD Connect to synchronize your user identities to Azure AD.

Part 1 of 9 from the “SSO to domain resources from Azure AD Joined Devices – The MEGA Series”

## SSO to domain resources from Azure AD Joined Devices

This first part of our mega-series will give an overview of how SSO to domain resources works from an Azure AD Joined device.
In other words, how to access legacy systems seamlessly from a pure cloud computer (the user won’t even know what hit them).

## Why do we need SSO to domain resources from an Azure AD joined device?

Many organizations are now in “full swing” when it comes to the implementation of the Microsoft Cloud offering. We have seen rapid adoption of Cloud technology to allow the workforce to “work from anywhere”. Microsoft Teams alone saw a 775% increase in usage, in Italy, during the start of the COVID-19 pandemic in 2020. IT Admins have been among the many hundreds of unsung heroes during the pandemic – often having to turn around new cloud technology in a coffee break. Giving customers access to cloud services from their homes was a big win. Many companies are now questioning the requirement to bring everyone back into the Office and instead are considering a hybrid approach to their workforce’s location.

VPNs have played a large part in enabling the workforce to access on-premises resources during the pandemic. More often than not this was to enable them to access file servers and Line of Business applications that were hosted inside the company’s datacentres. Some companies have invested more time to remove the requirement for a VPN by moving file shares to SharePoint Online and leveraging Azure AD Application Proxy to publish their internal web applications to their users working from home. However, some business applications are just not “Cloud” ready and the VPN is still a requirement to access those on-premises resources.

This leaves one big question… Do we need Hybrid Azure AD joined devices?

Hybrid Azure AD joined devices are joined to your on-premises Active Directory and registered with Azure Active Directory.
If you answer YES to any of the following scenarios then you “might” consider Hybrid Azure AD joined devices:

- You want to continue to use Group Policy to manage device configuration.
- You want to use existing imaging solutions to deploy and configure devices.
- You need to support down-level devices running Windows 7 and 8.1.
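Before deciding between the two join models it helps to know which state your existing devices are actually in. The following PowerShell function is an added example, not code from the original post or its series: it reads the `Key : Value` lines that the built-in `dsregcmd /status` tool prints and classifies the device as Azure AD joined, Hybrid Azure AD joined (joined to on-premises AD and registered with Azure AD, as the post defines it), domain joined only, or Azure AD registered. The `$sample` text at the bottom is constructed so the function can be exercised without running `dsregcmd`; the `Device State` / `User State` section names and the `AzureAdJoined`, `DomainJoined` and `WorkplaceJoined` keys are real `dsregcmd` output fields.

```powershell
# Added example (not from the original post): classify a Windows device's join state
# from `dsregcmd /status` output. Hybrid Azure AD joined = domain joined AND Azure AD joined.
function Get-DeviceJoinState {
    param(
        # Lines of `dsregcmd /status` output. When omitted, the tool is run on this machine.
        [string[]]$StatusText = (dsregcmd /status)
    )

    # dsregcmd prints "   Key : YES|NO" lines inside boxed sections; keep only the keys we need.
    $state = @{ AzureAdJoined = $false; DomainJoined = $false; WorkplaceJoined = $false }
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(YES|NO)\s*$') {
            $state[$matches[1]] = ($matches[2] -eq 'YES')
        }
    }

    # Decide the join model from the combination of flags.
    if ($state.AzureAdJoined -and $state.DomainJoined) { return 'Hybrid Azure AD joined' }
    if ($state.AzureAdJoined)                           { return 'Azure AD joined' }
    if ($state.DomainJoined)                            { return 'Domain joined only' }
    if ($state.WorkplaceJoined)                         { return 'Azure AD registered' }
    return 'Not joined'
}

# Constructed sample output (not captured from a real device) for offline use of the function.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

                    NgcSet : NO
           WorkplaceJoined : NO
'@ -split "`r?`n"

Get-DeviceJoinState -StatusText $sample
# Run without -StatusText on a real machine to classify that device instead.
```

Running the function against the constructed sample returns `Azure AD joined`; a device that returns `Hybrid Azure AD joined` is the case the post argues is not a requirement for SSO to domain resources, provided a VPN path to the domain exists.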