Automatic device join in single AD - multiple Azure topology

Ruslan Nalivaika 116 Reputation points
2020-02-25T08:29:16.72+00:00

Hi all,

Our customer is considering implementing a topology with a single on-prem AD synchronized to multiple Azure AD tenants, using a single ADFS farm. The customer needs Autopilot with Hybrid AD join to be available for devices in all Azure AD tenants.

The document in the link below suggests that this is not supported, but maybe somebody has experience with this kind of setup and can comment?

MS documentation also says that device writeback is not supported in such a topology. But as I understand it, that should not be an issue when using Autopilot, because it is the Intune connector (and not the AD sync agent) that creates the on-prem AD account for the machine. Is that correct?

https://free.blessedness.top/en-us/azure/active-directory/hybrid/how-to-connect-fed-single-adfs-multitenant-federation

BR, Ruslan

Microsoft Security | Active Directory Federation Services
Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Nagappan Veerappan 651 Reputation points Microsoft Employee
    2020-02-25T19:58:09.907+00:00

    Thank you for reaching out. Since Intune supports multiple connectors and does the (offline) domain join for Hybrid Azure AD Join, I would recommend checking with the Intune and Autopilot team on the supportability point.

    As long as the Intune connector has the ability to reach the correct on-prem AD forest to create/delete computer objects, it should work. Since I am from the Azure AD team, I can't comment on support from the Intune/Autopilot point of view.

    Please reach out to the Autopilot and Intune teams to get their comments on this implementation.
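The answer above hinges on one precondition: the Intune Connector for Active Directory must be able to create (and delete) computer objects in the target OU of the on-prem forest. Before involving the Intune/Autopilot team, a practitioner would verify that delegation. The following PowerShell is an added example, not code from the question, the answer, or Microsoft; the OU distinguished name and the connector server name are placeholders, and it assumes the RSAT ActiveDirectory module and the documented delegation model (Create/Delete Computer objects granted to the connector server's computer account on the OU):

```powershell
# Added example (not part of the original thread): check that the Intune Connector
# for AD server's computer account holds Create/Delete Computer object rights on
# the OU where Autopilot will place hybrid-joined devices.
Import-Module ActiveDirectory

$OU              = 'OU=AutopilotDevices,DC=corp,DC=example'   # assumed target OU
$ConnectorServer = 'INTUNECONN01'                              # assumed connector host
# schemaIDGUID of the 'computer' class; for CreateChild/DeleteChild ACEs the
# ObjectType GUID names the child object class the ACE applies to.
$ComputerClassGuid = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

$connectorSid = (Get-ADComputer -Identity $ConnectorServer).SID
$acl          = Get-Acl -Path "AD:\$OU"

$needed = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild -bor
          [System.DirectoryServices.ActiveDirectoryRights]::DeleteChild

# Keep only Allow ACEs granted directly to the connector's computer account that
# target the computer class (or all classes, i.e. an empty ObjectType GUID).
$grants = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $connectorSid) -and
    ($_.ObjectType -eq $ComputerClassGuid -or $_.ObjectType -eq [Guid]::Empty)
}

$effective = [System.DirectoryServices.ActiveDirectoryRights]0
foreach ($ace in $grants) { $effective = $effective -bor $ace.ActiveDirectoryRights }

if (($effective -band $needed) -eq $needed) {
    Write-Output "OK: $ConnectorServer can create and delete computer objects in $OU"
} else {
    Write-Warning "Missing delegation for $ConnectorServer on ${OU}: has [$effective], needs CreateChild+DeleteChild on computer"
}
```

Two caveats: the check only looks at ACEs granted directly to the connector server's computer account, so a delegation made through a group membership will show as missing even though it works; and in the multi-tenant topology from the question, repeat the check once per connector host, since each tenant's connector must reach the same forest and OU with the same rights.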

