Azure AD vs On-prem AD login from client laptop

Question

I'm looking into Azure AD from a client laptop. The laptop is already part of the local domain. I installed Office 365 from our tenant and found it listed in Devices in the Azure portal. I then, in accounts on the client, joined it to the Azure domain. It says "Connected to <company name>MDM Connected by username@companyname.com" I then tried both restarting and signing out, then signing in with my 365 credentials (email address/password), no dice. Am I over simplifying this? Should I now be able to login to both domains or do I need to do something else?

Answer 1

Hello,

When you join a device to Azure AD, you enable single sign-on (SSO) to Office 365 and other applications. However, you cannot directly sign in to both the local domain and Azure AD using the same user account.

The local domain account and the Azure AD account are separate, even if they have the same username.

To make this work, you have a few options:

1. Azure AD Connect: You can use Azure AD Connect to synchronize your on-premises Active Directory with Azure AD. This will allow you to have the same user account in both the local domain and Azure AD. After synchronization, you can sign in with the same username and password on both domains.
2. Hybrid Azure AD Join: If you want to maintain both on-premises domain join and Azure AD registration for your devices, you can configure Hybrid Azure AD Join. Hybrid Azure AD Join allows devices to be joined to both on-premises Active Directory and Azure AD, enabling users to sign in with their on-premises domain credentials while accessing Azure AD resources.
3. Switch to using Azure AD completely: If you don't need the on-premises domain and want to manage everything through Azure AD, you can consider migrating all your users and devices to Azure AD. This will allow you to sign in with your Azure AD credentials on all your devices, but you'll lose the local domain benefits.

Answer 2

Any Ideas?