Can Hybrid Azure AD joined devices be used off-site?

Ascend Forward 1 Reputation point


We are currently facing issues that most workplaces are facing with working from home. We would like to know: if we set up our devices using Hybrid AAD join, will our devices update as if they are on-prem?

For example, if a user updates their password online and turns on their hybrid domain joined computer at home, will the computer sync the new password?

Azure Active Directory

1 answer

  1. VipulSparsh-MSFT 16,011 Reputation points

    @AscendForward-3747 Thanks for reaching out. This is indeed a common scenario nowadays, and it all depends on how you are approaching this.

    1) Brand new laptop getting shipped to the user's location with Hybrid AAD Join AUTOPILOT configuration.

    If that is the scenario you are in, you will have to consider the White Glove Hybrid AAD Join off corporate network path, which needs a corresponding VPN profile so that your end users can connect to the corporate network and complete the joining process.

    2) Users already have Hybrid AAD joined devices from the office. In this scenario it will just work normally, the way you would expect it to. If you have password writeback enabled, then any user who changes the password over the internet eventually triggers a password reset on-prem, where the new password is updated. You might see a little bit of delay, and then you can log in using your new password. (Provided the client machine has proper connectivity to your corp network.)

    Let me know if you have any questions.

    If the suggested response helped you resolve your issue, do click on "Mark as Answer" and "Up-Vote" for the answer that helped you, for the benefit of the community.
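
Both scenarios in the answer above depend on the device's join state and on whether it can currently reach the corporate network. The following PowerShell check is an added example, not part of the original answer: it reads the join state from `dsregcmd /status` and tests whether a domain controller is reachable with `nltest`. The function names `Get-DsregField` and `Test-HybridJoinReadiness` are made up for this example.

```powershell
# Added example (not from the original thread). Run on the client in the user's session.

function Get-DsregField {
    # Returns the value of one "Name : Value" line from dsregcmd output, or $null.
    param([string[]]$Lines, [string]$Name)
    $pattern = '^\s*' + [regex]::Escape($Name) + '\s*:\s*(\S+)'
    foreach ($line in $Lines) {
        if ($line -match $pattern) { return $Matches[1] }
    }
    return $null
}

function Test-HybridJoinReadiness {
    $status = dsregcmd /status

    # Hybrid joined means both flags report YES.
    $aadJoined    = (Get-DsregField $status 'AzureAdJoined') -eq 'YES'
    $domainJoined = (Get-DsregField $status 'DomainJoined')  -eq 'YES'
    # AzureAdPrt is listed under user state; it is absent when run as SYSTEM.
    $hasPrt       = (Get-DsregField $status 'AzureAdPrt')    -eq 'YES'

    # Connectivity to the corp network: can a domain controller be located
    # right now? /force bypasses the cached DC entry.
    $dcReachable = $false
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if ($cs.PartOfDomain) {
        $null = nltest "/dsgetdc:$($cs.Domain)" /force 2>&1
        $dcReachable = ($LASTEXITCODE -eq 0)
    }

    [pscustomobject]@{
        AzureAdJoined = $aadJoined
        DomainJoined  = $domainJoined
        HybridJoined  = ($aadJoined -and $domainJoined)
        AzureAdPrt    = $hasPrt
        DcReachable   = $dcReachable
    }
}

Test-HybridJoinReadiness | Format-List
```

`DcReachable : False` on a device at home means no VPN or other path to the corporate network is up, which is the connectivity condition the answer attaches to scenario 2.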