Machine sign-in formats for Azure AD

Mountain Pond 1,431 Reputation points
2023-04-17T22:58:50.8266667+00:00

Hello.

I would like to add devices to Intune via Group Policy. The devices are in the contoso.com domain, but the domain for Azure is contoso.com.

The user user01@contoso.com exists in both Azure and AD.

Of course, I will not be able to enter, because the system will contact AD.

Found this option: AzureAD\user01@contoso.com. But the answer returned to me is "not a valid username or password".

What are the alternative login methods? So that the user is signed in as an Azure AD user, not as a domain user.

Thank you.

Microsoft Intune Enrollment
Microsoft Entra ID

Accepted answer
  1. Akshay-MSFT 17,656 Reputation points Microsoft Employee
    2023-04-18T09:11:48.1633333+00:00

    @Mountain Pond Thank you for posting your query on Microsoft Q&A.

      • What is the point of this article then? Of course, in most cases, the domain space will match AD and AzureAD.

    The article describes onboarding a device to MEM/Intune and having policies deployed via Intune for an on-prem environment.

    1. The main idea behind this is to manage/deploy policy to the device over any network without requiring the device to be in line of sight with the DC.
    2. It does not compare on-prem and AAD UPN/credentials. Only Azure AD joined devices are signed in to using an organizational Azure AD account; for Hybrid AD join devices, users should be signed in with their on-prem credentials.

    Please do let me know if you have any further queries by posting in the comments section.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion does answer your query. This will help us and others in the community as well.


1 additional answer

  1. Lu Dai-MSFT 28,371 Reputation points
    2023-04-18T01:51:27.9133333+00:00

    @Mountain Pond Thanks for posting in our Q&A.

    It is by design. When a device is joined to both AD and Azure AD, we can't use an Azure AD account to sign in to this device. We can only use a domain user or a local user to sign in to this device.

    Hope it will clarify something.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".


    1 person found this answer helpful.
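
Both answers turn on the device's join state, so checking that state is the first step when an `AzureAD\user@domain` sign-in is rejected. The following is an added example, not code from this thread or from Microsoft: it parses the `AzureAdJoined` and `DomainJoined` fields of `dsregcmd /status` (a tool the thread does not mention) and reports the account type the answers say applies. `Get-JoinState` is a hypothetical helper name and the sample output is constructed.

```powershell
function Get-JoinState {
    param(
        # Lines of `dsregcmd /status` output; by default the tool is run locally.
        [string[]]$StatusText = (dsregcmd.exe /status)
    )

    # Collect the two join flags from the "Device State" section.
    $flags = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(YES|NO)\s*$') {
            $flags[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    foreach ($name in 'AzureAdJoined', 'DomainJoined') {
        if (-not $flags.ContainsKey($name)) {
            throw "Field '$name' not found in dsregcmd output"
        }
    }

    # Hybrid and Azure AD joined rows follow the answers above; the last two
    # rows (domain joined only, not joined) are additions of this example.
    if ($flags['AzureAdJoined'] -and $flags['DomainJoined']) {
        $state = 'Hybrid Azure AD joined'; $signIn = 'on-prem domain user or local user'
    } elseif ($flags['AzureAdJoined']) {
        $state = 'Azure AD joined'; $signIn = 'organizational Azure AD account'
    } elseif ($flags['DomainJoined']) {
        $state = 'Domain joined only'; $signIn = 'on-prem domain user or local user'
    } else {
        $state = 'Not joined'; $signIn = 'local user'
    }
    [pscustomobject]@{ JoinState = $state; InteractiveSignIn = $signIn }
}

# Constructed sample of the relevant part of `dsregcmd /status` on a hybrid device.
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
'@

Get-JoinState -StatusText ($sample -split "\r?\n")
```

Running `Get-JoinState` with no arguments on the device itself reads the live state instead of the sample.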