Azure AD joined computers and long periods with no Internet

Dirk Manderin 1 Reputation point
2021-03-03T18:52:53.857+00:00

I have a remote site in a hurricane prone region. If they get hit, they could have no Internet access for weeks at a time. Our environment consists of Active Directory synced to Azure AD. Computers are Azure AD joined. Currently they have two file / application servers that are AD joined and one domain controller, all running in Hyper-V. If they lose internet access (so no Azure access either) for a few weeks:

Even though their computers are Azure AD joined (not hybrid), and the users login via Azure AD, would they be able to authenticate against their local DC if they couldn't connect to Azure?

If the above is true - the DC is currently read-write, which I'm not a big fan of since this is a very small office with minimal security. Are there any limitations if they have a read-only DC instead and their office loses internet connectivity for a long period, so the RO DC can't talk to the other DC VMs in Azure?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Vipul Sparsh 16,331 Reputation points Microsoft Employee Moderator
    2021-03-05T12:56:11.61+00:00

    @Dirk Manderin They can login, but you need to understand that this is not the best security practice. Under the circumstances, if you must do it, you can enable the cached logon for Windows, where the users can login to the machine using the cached credential without the need for a DC to authenticate.

    Read more about it here: https://learn.microsoft.com/en-US/troubleshoot/windows-server/user-profiles-and-logon/cached-domain-logon-information

    Things might break if there is a password reset scenario.

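The cached logon setting the answer refers to lives in the Winlogon registry key as the `CachedLogonsCount` value (the same setting Group Policy exposes as "Interactive logon: Number of previous logons to cache"). The script below is an added example, not code from the thread or from Microsoft; it audits that value on a machine, reports the device's join state via `dsregcmd /status`, and only changes the value when a `-DesiredCount` is passed. It assumes it is run in an elevated PowerShell session on the site's Windows machines; the value name, key path, default of 10 and maximum of 50 are documented Windows behaviour.

```powershell
# Added example (not from the original thread): audit, and optionally set, the
# number of domain logons Windows caches locally for offline sign-in.
# Assumes an elevated PowerShell session on the machine being checked.
param(
    [ValidateRange(0, 50)]
    [int]$DesiredCount   # omit to audit only; 0 disables caching, 50 is the maximum
)

$winlogon  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$valueName = 'CachedLogonsCount'

# The value is stored as a REG_SZ string. When it is absent Windows uses 10.
$current = (Get-ItemProperty -Path $winlogon -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $current) {
    Write-Output "$valueName is not set explicitly; Windows uses the default of 10."
} else {
    Write-Output "$valueName is currently '$current'."
}

# Join state, so the number can be interpreted: the cached domain logon count
# governs on-premises domain accounts. An Azure AD joined (non-hybrid) device
# caches its Azure AD sign-ins separately, which is what the question hinges on.
$ds  = dsregcmd /status
$aad = ($ds | Select-String 'AzureAdJoined\s*:\s*(\w+)').Matches[0].Groups[1].Value
$dom = ($ds | Select-String 'DomainJoined\s*:\s*(\w+)').Matches[0].Groups[1].Value
Write-Output "AzureAdJoined=$aad DomainJoined=$dom"

if ($PSBoundParameters.ContainsKey('DesiredCount')) {
    # Written as a string because the registry value type is REG_SZ.
    Set-ItemProperty -Path $winlogon -Name $valueName -Value ([string]$DesiredCount) -Type String
    Write-Output "Set $valueName to $DesiredCount; it applies to subsequent interactive logons."
}
```

Two points worth keeping in mind when choosing the number. Each cached entry is a credential verifier stored in the local SECURITY hive, so a smaller count limits what can be recovered from a machine that is physically compromised, which is the trade-off behind the answer's "not the best security practice" remark. And a cached entry reflects the password last used to sign in on that machine: if a password is reset elsewhere while the site is cut off, that device will still accept only the old password until it can reach a domain controller again, which is the "password reset scenario" the answer warns about.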
