Thinking about Intune Autopilot? Do NOT Domain Join!

Captions
Okay, so I'm just gonna say: you don't need to join your computers to your domain to access on-premise resources. I'm a solution architect at CDW and I say that a lot, probably once a week, maybe more. And the reason is that it's just not common knowledge that it's not a requirement to be a member of your on-premise domain to access resources within that domain. And that causes a problem for organizations who are looking to move to the cloud, because the cloud doesn't include your on-premise domain. It's the cloud: it's Azure AD-only devices, that kind of thing. And so when organizations are trying to work out whether they can join their computers to Azure AD only and still access their on-premise resources, they often make the wrong decision based on the misunderstanding that they need to be joined to their on-premise domain to access on-premise resources, things like file shares and printers. You don't need to join your computers to your on-premise domain to access on-premise resources like file shares.

If you're listening to me say that and you're thinking, "I know that, you're not telling me anything new there, I fully understand that I don't need to join my computers to my on-premise domain to access resources in the on-premise domain", um, fine, well done. Please hit the like button, subscribe, and I'll see you next time. But for anyone who isn't aware, or who isn't sure, or doesn't understand how that works, let's jump into it and see how it does work.

So if we go to my server: so we have a file share. This is a, it's a server, it's, uh, it happens to be a server called CM1, Config Manager one, and, uh, it's hosting a few files, a couple of files. It's got finance and marketing. And so the finance share is called finance, and it's shared to, um, it's shared to finance and marketing. Finance have modify and marketing have read. Read is inherited, as you can see from the greyed arrows... arrows, uh, they are tick marks. So, um, and the opposite is true for marketing. And in each of these we have a little file, so it says "file in marketing" and, as you can imagine, it says "file in finance" in the finance share. So a very simple setup, nothing too difficult for us to understand here: it's a file share in an on-premise domain.

Let me just check the domain of this computer. We'll jump into PowerShell and take a look at, uh, ipconfig, and that didn't show us anything at all. Um, if you can't... you can see it's a part of the, uh, it's part of the Contoso domain, corp.contoso.com. I'm sure there's a better way to check which domain you are part of, um, but there you go, it's part of that domain.

So if we head over to our client: this client, as you will see in a second, is, um, not joined to the on-premise domain. So if we do dsregcmd /states... I typed that blind because it's not caught up with me yet. Status is the correct way to type that, so dsregcmd space slash status. And if you scroll up to the top you can see the device state of this device is Azure AD joined, and it is, uh, not enterprise joined and not domain joined. The name is, it's "autopilot demo", but that's irrelevant for this, trust me. So as you can see, it's joined to Azure AD only.

So, those of you who thought it's not possible to access corporate resources using an Azure AD-only device, let's see. So we'll head over to File Explorer and open up CM1. Its file shares, it happens to be there, um, the share name that I've chosen, which is file shares. There's a nice long delay here, let's see what's going on, it's taking a little while. All right, so that has let me in to the file share. Now, I actually didn't expect that. I think this could be a result of me testing this earlier on. What I expected to happen was, when I clicked on that file share and chose enter, I expected it to ask me to authenticate by typing in my username and password, uh, rather than just letting me straight in, which is, uh, which is odd. Uh, it, as I say, maybe a part of me having tested just before this video to make sure I wasn't gonna lie to you.

Um, let's try it again then with a different user, a fresh user who's never logged into this machine. You'll see that login for the first time, get to the same file share. This user is a marketing user rather than the finance user, so we'll be able to see that, um, and just see it for a second time. And if this user gets logged in straight away without typing their password, um, then that'll be interesting. Let's try it. So I'm going to log off from here, "sign out" in the new fancy modern terminology, and this user is called Jimmy, so we'll log in as him.

Okay, so we are logged in. So let's head over to, uh, the desktop and then just try and get to that share that we were talking about, which is, uh, CM1, file shares. Straight in. Um, okay, let's just verify who I am for my own sanity. Well, I'm clearly running as Jimmy Jester, but let's just confirm it with that: corp slash Jimmy Jester. And then just to finally confirm I haven't switched machine or something whilst we've been watching this: it still is this, um, still is this Azure AD joined computer.

Well, you know, I expected it to be asking me to confirm who I was, but that essentially single signed me on to the file share without any additional messages or prompts or anything like that, which is brilliant. So just to confirm: you don't need to join your computers to your on-premise domain in order to access on-premise file shares. Hopefully that's convinced you. If it hasn't, please leave a comment and let me know why, or if you're just happy to move on with your life, just hit the like button and subscribe and then move on. I'll see you next time.
Info
Channel: CloudManagement.Community
Views: 22,546
Keywords: Hybrid domain join, hybrid domain join autopilot, hybrid domain join windows 10, device identity in azure ad, access to on-premise, file-shares, Azure AD, Azure Active Directory, Azurre AD Join, Azure AD Join, Group Policy, Intune, MSIntune, MS Intune, Microsoft Intune, Microsoft, SSO, Single Sign On, Single Sign-On, Mapped Drives, Drive Mapping, file sharing, WIndows 10, Windows 11, Active Directory
Id: 4R-krjqQKfE
Length: 7min 26sec (446 seconds)
Published: Tue Sep 07 2021