@Dustin J. Andrade Thanks for reaching out.
This would be much easier if you are completely on cloud so that you do not have to worry about breaking the trust for the Azure AD joined machines.
For hybrid scenarios, this mostly refers to a situation when the machine's AD password expires, and when the client tries to update its password in AD, it breaks if the machine has been off the corp network for a while or not in use for long.
So as long as they are in AD their password will expire and you will keep running into these issues when the users are working remotely without any corp connection.
There are some workarounds, but they come with their own security risks. So these are not best practice and should be used after properly checking the security risk.
Using group policy, if you change the maximumpasswordAge to a larger number of days (by default 30), then machines do not need to change the password and won't fall into this situation.
Do remember that if some adversaries get hold of this machine, they can use the pass-through authentication and can do some harm. So it should be used very carefully, and extending it to a very large number is also not advisable; you need to research the security risk of your machines and then take a call.
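A defender-side check for the setting discussed in this answer, as an added example that is not part of the original reply: Windows PowerShell that reads the local Netlogon `MaximumPasswordAge` and `DisablePasswordChange` registry values, flags a rotation interval above a review threshold, and tests the machine's secure channel. The function name and the 90-day threshold are assumptions; the registry key is where the "Domain member: Maximum machine account password age" policy is stored.

```powershell
# Added example (Windows PowerShell 5.1). Function name and threshold are assumptions.
function Get-MachinePasswordRotationFinding {
    param(
        [Nullable[int]]$MaximumPasswordAge,     # days; $null when the value is not set
        [Nullable[int]]$DisablePasswordChange,  # 1 = client never changes its password
        [int]$ReviewThresholdDays = 90          # assumption: your own review threshold
    )
    # The answer above gives 30 days as the default when nothing is configured.
    $effectiveDays = if ($null -ne $MaximumPasswordAge) { $MaximumPasswordAge } else { 30 }

    $finding = if ($DisablePasswordChange -eq 1) {
        'Rotation disabled: the machine account password never changes'
    } elseif ($effectiveDays -gt $ReviewThresholdDays) {
        "Interval of $effectiveDays days exceeds the ${ReviewThresholdDays}-day review threshold"
    } else {
        'Within threshold'
    }

    [pscustomobject]@{
        EffectiveMaxAgeDays = $effectiveDays
        RotationDisabled    = ($DisablePasswordChange -eq 1)
        Finding             = $finding
    }
}

# Read the values the group policy setting writes on this machine.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

$result = Get-MachinePasswordRotationFinding `
    -MaximumPasswordAge $props.MaximumPasswordAge `
    -DisablePasswordChange $props.DisablePasswordChange

# Check whether the machine's trust with the domain is currently intact.
try {
    $channelOk = Test-ComputerSecureChannel -ErrorAction Stop
} catch {
    $channelOk = $null   # check could not run, for example not domain joined
}

$result | Add-Member -NotePropertyName SecureChannelOk -NotePropertyValue $channelOk -PassThru
```

Run it from an elevated prompt on a domain-joined client; a `SecureChannelOk` of `False` alongside a long rotation interval is the combination worth escalating.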