Remote workers log in via Azure Active Directory

I have a very small office with 2 Windows 8 machines, and people work remotely. Because we use Office 365 and Azure we're already set up with Azure Active Directory (AD). When users VPN in to the office they can log in with their AD account. However, I wonder if it is possible to allow the on-premises Win-8 machines to log in using their AD account? We have no on-premises servers (excluding a NAS).

No - Windows Azure AD currently does not support domain-joined machines or machine/user authentication. It is different in this way from Windows Server Active Directory.
Windows Azure AD is currently centered around user authentication for web-based applications.

Related

Microsoft Multi-factor Authentication not working with Remote Desktop in Microsoft Windows 2010

We have configured MFA for our users in our organization tenant in MS Office. We log in to Microsoft Windows using our Azure AD login (work or school account) from our office local PCs.
In the daily routine, we need to remote into our other office machines as well using our own Azure AD login. Now, the thing is, without configuring MFA, we can successfully remote into other machines. But after configuring MFA, it stops working and we get the message below.
Could anybody help me resolve this?

Does Azure Bastion with AAD Credentials

I recently created an Azure Bastion service and an Azure VM in my organisation's subscription. When I try to connect to the VM via the Bastion using a local Admin ID it works. However, the same is failing when I try with my Azure AD ID. Is this a limitation?
There are two (2) authentication schemes:
Azure Active Directory (AAD) authentication: Azure Bastion does not currently support authentication using AAD-based (cloud) users. This request is known and prioritized as "high" by the product team. See the user voice request for details. The advantage of this approach is to provide full cloud-based authentication, with no dependency on on-premises technology (in this case, Active Directory). One workaround for now is to expose a jump point on a vNet until this feature becomes available.
Active Directory (AD) authentication: Azure Bastion does currently support authentication using AD-based users (Windows AD users). Since this is a managed "Active Directory" provided by Microsoft, Azure AD Connect is needed to sync this domain (and its users) to Azure Active Directory (AAD). The drawback of this approach is that you continue building on on-premises technology (Active Directory).
A public preview was announced during Microsoft Ignite 2021 to include support for Azure AD login for Bastion-enabled VMs. It is available using the Azure CLI client on Windows and leveraging the native client (OpenSSH for Azure AD-based SSH to Linux and mstsc for Azure AD-based RDP to Windows). Details can be found at https://learn.microsoft.com/en-us/azure/bastion/connect-native-client-windows
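The native-client flow mentioned above, as an added example that is not part of the original answer. It shows the pieces that have to be in place for an Azure AD sign-in to succeed through Bastion: the CLI extension, tunneling on the Bastion host, the Azure AD login extension on the VM itself, and the RBAC login role for the caller. The resource group, Bastion and VM names are placeholders assumed for this example.

```powershell
# Added example, not part of the answer above: Azure AD based SSH/RDP through
# Azure Bastion using the native-client flow. Resource names are placeholders
# (assumptions for this example); replace them with your own.
$ResourceGroup = "rg-bastion-demo"
$BastionName   = "bst-demo"
$LinuxVmName   = "vm-linux-demo"
$WindowsVmName = "vm-windows-demo"

# 1. The native-client commands live in the 'bastion' Azure CLI extension.
az extension add --name bastion --upgrade

# 2. Native-client connectivity needs the Standard SKU with tunneling enabled.
az network bastion update --name $BastionName --resource-group $ResourceGroup --enable-tunneling true

# 3. Azure AD login is a VM-side extension, one per OS. Without it Bastion still
#    tunnels the session, but the VM only accepts local or domain credentials,
#    which is the "works with local admin, fails with Azure AD" symptom above.
az vm extension set --resource-group $ResourceGroup --vm-name $LinuxVmName `
    --publisher Microsoft.Azure.ActiveDirectory --name AADSSHLoginForLinux
az vm extension set --resource-group $ResourceGroup --vm-name $WindowsVmName `
    --publisher Microsoft.Azure.ActiveDirectory --name AADLoginForWindows

# 4. Bastion addresses the target by resource ID, not by IP.
$linuxVmId   = az vm show --resource-group $ResourceGroup --name $LinuxVmName   --query id -o tsv
$windowsVmId = az vm show --resource-group $ResourceGroup --name $WindowsVmName --query id -o tsv

# 5a. Linux: SSH with the identity currently signed in to 'az login' (no key,
#     no password). The caller also needs the 'Virtual Machine Administrator
#     Login' or 'Virtual Machine User Login' role on the VM, or the sign-in is
#     rejected even though the tunnel comes up.
az network bastion ssh --name $BastionName --resource-group $ResourceGroup `
    --target-resource-id $linuxVmId --auth-type AAD

# 5b. Windows: Bastion opens the tunnel and launches mstsc. At the credential
#     prompt use the AzureAD\user@yourtenant.onmicrosoft.com form.
az network bastion rdp --name $BastionName --resource-group $ResourceGroup `
    --target-resource-id $windowsVmId
```

Step 3 and the RBAC note in step 5a are the parts most often missed: the tunnel itself is authorized by your Azure RBAC on the Bastion and VM resources, but the guest OS login is a separate decision made by the VM extension, so both have to be satisfied.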

After migrating to Azure, how can I query my organization Active Directory from within the application now hosted in Azure?

I have been searching around Google about this topic, but I can't find anything that talks about it. We have an ASP.NET WebForms application hosted on premises, and the login authenticates against our Active Directory. I can access the Active Directory from outside the office, of course, using a VPN.
However, this application will be migrated to Azure. From Azure, we don't have access to our domain anymore, so we can't query our Active Directory users.
Which options do we have? Is there a workaround for this?
Thank you!
You can use Azure AD to create an Active Directory domain in the cloud and connect it to your on-premises Active Directory domain. Azure AD Connect integrates your on-premises directories with Azure AD. Refer to this article for more details.
With this solution, you need to set up Azure AD authentication on your app.
Reference:
Integrate on-premises AD with Azure AD.

MS Azure AD Connect: Download on a Mac for VM?

I am using Azure AD to test SSO for a customer, and it appears that I have to download AD Connect. I am on a Mac, but intend to test in a Windows 10 / MS AD VM in Azure. How do I incorporate AD Connect into my VM when my Mac won't open the download file?
AD Connect is required in order to sync directory information between on-prem AD and AAD. You can (but might violate security best practices) run AD Connect on the Domain Controller itself. Once set up, users will sync between your on-prem environment and AAD. You can then test SSO.
I'm not sure where you got the requirement that AD Connect needs to be installed on your Mac. It doesn't; it just needs to be installed on a Windows server with access to the domain as well as internet access to sync with AAD.

Azure Active directory and adding PCs

I have an Office365 account with about 10 users. Do I need to set up a domain controller server (or VM) to add these machines to, or can I simply use Azure and a cloud-based version (a bit like JumpCloud, https://jumpcloud.com)?
No need to set up a domain controller to manage your Office365 accounts.
With a combination of JumpCloud and an SSO solution such as Bitium (one of JumpCloud's partners), you gain centralized management of your Office365 user accounts from one cloud-based location, and use those same accounts for the rest of your organization, whether on your desktops, servers, WiFi, or any LDAP client apps.