Hey everyone! I'm looking for some help with our Azure setup. We have a managed domain and are still using an on-prem domain along with Entra Connect for synchronization. Currently, we're transitioning our user laptops to Intune, intending to fully move away from our on-prem DCs. The issue I'm facing is that our users can't log into the Azure VMs using their biometrics from their laptops since those VMs are joined to the managed domain. I've tried creating new VMs with the 'join to Entra' option, but I'm still unable to log in, even when using my password. Any guidance on what steps I should take to resolve this would be greatly appreciated!
2 Answers
It sounds like you're using Azure Active Directory Domain Services (AADDS), right? If that's the case, you should know that AADDS isn't a full replacement for traditional Active Directory; it has its limitations. Maybe Entra could help you out more than AADDS is doing?
When I was working on something similar, I tagged my devices in Intune based on their OS and organized them into a Dynamic Intune Security Group. You might need to provide your users either VM user or admin RBAC roles so they can log in using their Entra accounts. Have you checked those permissions?
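One way to verify and apply the two prerequisites this answer mentions (the VM carrying the Entra login extension, and users holding a VM login RBAC role), as an added example that is not code from anyone in this thread. It uses the Az PowerShell module and assumes you are already signed in with Connect-AzAccount; the resource group, VM name, group object ID and the extension handler version are placeholders or assumptions to adjust for your environment.

```powershell
# Added example (not from the thread). Assumes the Az PowerShell module and an
# existing Connect-AzAccount session. Values below are placeholders.
$ResourceGroup = 'rg-placeholder'                          # placeholder: VM's resource group
$VmName        = 'vm-placeholder'                          # placeholder: the Entra-joined VM
$GroupObjectId = '00000000-0000-0000-0000-000000000000'    # placeholder: Entra group of VM users

$vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $VmName

# 1. Confirm the VM actually carries the Entra login extension. The portal's
#    'join to Entra' option installs it, but a VM without it will never accept
#    Entra credentials, whatever RBAC says.
$ext = Get-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VmName |
    Where-Object {
        $_.Publisher -eq 'Microsoft.Azure.ActiveDirectory' -and
        $_.ExtensionType -eq 'AADLoginForWindows'
    }
if (-not $ext) {
    # TypeHandlerVersion is an assumption; check the current version in your tenant.
    Set-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VmName `
        -Name 'AADLoginForWindows' -Publisher 'Microsoft.Azure.ActiveDirectory' `
        -ExtensionType 'AADLoginForWindows' -TypeHandlerVersion '2.0' `
        -Location $vm.Location
}

# 2. List who already holds a login role at the VM scope. Assignments inherited
#    from the resource group or subscription are included, so this shows whether
#    the role granted on the resource group actually reached this VM.
Get-AzRoleAssignment -Scope $vm.Id |
    Where-Object { $_.RoleDefinitionName -like 'Virtual Machine * Login' } |
    Select-Object DisplayName, RoleDefinitionName, Scope

# 3. Grant the least-privileged login role to the user group, scoped to this VM
#    only. 'Virtual Machine User Login' gives a standard session; reserve
#    'Virtual Machine Administrator Login' for the people who need local admin.
$existing = Get-AzRoleAssignment -ObjectId $GroupObjectId -Scope $vm.Id `
    -RoleDefinitionName 'Virtual Machine User Login'
if (-not $existing) {
    New-AzRoleAssignment -ObjectId $GroupObjectId `
        -RoleDefinitionName 'Virtual Machine User Login' -Scope $vm.Id
}
```

Scoping the assignment to the VM rather than the resource group keeps the blast radius of a compromised user account small. If both checks pass and password login still fails, the remaining variable is the client: Entra login to a Windows VM requires the connecting laptop itself to be Entra joined or registered to the same tenant, which `dsregcmd /status` on the laptop will show.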
Thanks for the tip! I've assigned the VM user role on the Resource Group, but I still can't log in through Bastion or Remote Desktop with my username and password. It's really frustrating!

Yes, it is AADDS! We moved into Azure with a consultant's help, and this was the route suggested. I understand it’s limited, but I need a game plan to phase it out now.