How valuable this channel is; it should have more than 1 lakh subscribers. Guys, please keep sharing this.
@akk2766 · 3 years ago
This is a gem of a channel...
@akk2766 · 2 years ago
Any chance you can show the differences involved if the domain is federated via SAML2.0?
@michaelwaterman3553 · 4 years ago
Your videos are an absolute joy to watch, thanks for sharing!
@ConceptsWork · 4 years ago
Glad you like them!
@abulaith4485 · 5 years ago
WOW, although it is complicated, it is brilliantly explained. Thank you.
@yassinesouabni5192 · 2 years ago
The userCertificate attribute of the AD computer object is populated only if the SCP (AD or client side) is configured.
@MarwaMohamed-es8pe · 4 years ago
That's brilliant, thanks a lot. Well explained.
@ConceptsWork · 4 years ago
Glad it was helpful!
@77mrharidas · 4 years ago
Explained in great depth, thanks.
@srinivasnaidu173 · 8 months ago
All devices in the tenant are already Azure AD registered (on-prem + workplace joined). If I enable Entra hybrid join in Entra Connect, will they automatically convert to Entra hybrid joined, or do I have to manually remove the Azure AD registered state and then enable Entra hybrid join?
@sampathkovuri · 4 years ago
Hi, I have two forests under one tenant. Recently we migrated some user mailboxes from a different organization, and their email addresses do not match the domain name we migrated them to. Only the migrated mailbox users' laptops are showing as pending in hybrid domain join. How can I write the 6th claim rule in this scenario?
@nikhilmhatre4388 · 4 years ago
Super! Very well explained. Thank you.
@Venugopal-xu1ks · 3 years ago
@ConceptsWork, client devices are joined to Azure AD and Intune. Now when we try to join a device to on-premises AD with an AD admin, we get an error. Can you please guide me on how to join a device to on-premises AD which is already Azure AD joined and Intune compliant?
@ConceptsWork · 3 years ago
Currently a machine joined to Azure AD cannot be joined to local AD.
@Venugopal-xu1ks · 3 years ago
@ConceptsWork Thanks for the update. If we remove the device from Azure AD, will the device also be removed from Intune? After we remove the device from Azure AD and before rejoining it to on-premises AD and Azure AD, do we need to rename the hostname of the device?
@ConceptsWork · 3 years ago
Make sure that the device is completely removed from all three resources, Azure AD, local AD and Microsoft Intune, before re-imaging and joining the machine back to local AD and syncing it to Azure AD; otherwise there will be stale entries. The fundamental idea is mostly related to the object GUID of the device.
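As an added example (not code from the video or the ConceptsWork channel), the PowerShell below ties the three objects together for one computer so the "completely removed from all three" check above can be done, and audited, before re-imaging. It assumes the RSAT ActiveDirectory module and the Microsoft Graph PowerShell SDK with an existing Connect-MgGraph session holding Device.ReadWrite.All and DeviceManagementManagedDevices.ReadWrite.All. It also assumes, as the userCertificate comment earlier in the thread implies, that the certificate Windows writes to the computer object's userCertificate attribute carries the Entra (Azure AD) device ID as its Subject CN; that is how the on-prem object is mapped to the cloud objects here. The function names and the sample computer name are my own.

```powershell
#Requires -Modules ActiveDirectory, Microsoft.Graph.Identity.DirectoryManagement, Microsoft.Graph.DeviceManagement
# Added example, not code from the video. Correlates one computer across
# on-prem AD, Entra ID (Azure AD) and Intune so stale objects can be spotted
# (and optionally removed) before the machine is re-imaged and re-joined.

function Get-HybridJoinDeviceId {
    # Assumption: the self-signed cert written to userCertificate during hybrid
    # join has Subject "CN=<Entra device ID>". Several certs can accumulate
    # after repeated joins, and each one may have its own Entra device object.
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$UserCertificate)

    foreach ($raw in $UserCertificate) {
        try {
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
        } catch { continue }   # empty attribute or not a parseable certificate
        if ($cert.Subject -match '^CN=([0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$') {
            [pscustomobject]@{
                DeviceId   = $Matches[1]
                NotAfter   = $cert.NotAfter
                Thumbprint = $cert.Thumbprint
            }
        }
    }
}

function Get-HybridDeviceFootprint {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$StaleAfterDays = 90,
        [switch]$Remove
    )

    $adComputer = Get-ADComputer -Identity $ComputerName -Properties userCertificate, objectGUID, LastLogonDate
    $deviceIds  = @(Get-HybridJoinDeviceId -UserCertificate @($adComputer.userCertificate))
    $cutoff     = (Get-Date).AddDays(-$StaleAfterDays)

    # Entra device objects: one lookup per device ID found on the computer object.
    $entraDevices = foreach ($d in $deviceIds) {
        Get-MgDevice -Filter "deviceId eq '$($d.DeviceId)'"
    }

    # Intune: managedDevice.azureADDeviceId points back at the Entra device ID.
    # Filtering client-side avoids depending on server-side $filter support.
    $managed = @()
    if ($deviceIds.Count -gt 0) {
        $managed = Get-MgDeviceManagementManagedDevice -All |
            Where-Object { $_.AzureAdDeviceId -in $deviceIds.DeviceId }
    }

    [pscustomobject]@{
        ComputerName  = $adComputer.Name
        ObjectGuid    = $adComputer.ObjectGUID
        AdLastLogon   = $adComputer.LastLogonDate
        DeviceIdsInAd = $deviceIds.DeviceId
        EntraDevices  = $entraDevices | ForEach-Object {
            [pscustomobject]@{
                ObjectId   = $_.Id
                DeviceId   = $_.DeviceId
                LastSignIn = $_.ApproximateLastSignInDateTime
                Stale      = ($null -eq $_.ApproximateLastSignInDateTime) -or ($_.ApproximateLastSignInDateTime -lt $cutoff)
            }
        }
        IntuneDevices = $managed | ForEach-Object {
            [pscustomobject]@{
                ManagedId = $_.Id
                LastSync  = $_.LastSyncDateTime
                Stale     = $_.LastSyncDateTime -lt $cutoff
            }
        }
    }

    if ($Remove) {
        # Intune first, then Entra, then AD, so nothing is re-created by sync
        # while the objects are being cleared.
        foreach ($m in $managed) {
            if ($PSCmdlet.ShouldProcess("Intune $($m.Id)", 'Remove managed device')) {
                Remove-MgDeviceManagementManagedDevice -ManagedDeviceId $m.Id
            }
        }
        foreach ($e in $entraDevices) {
            if ($PSCmdlet.ShouldProcess("Entra $($e.Id)", 'Remove device object')) {
                Remove-MgDevice -DeviceId $e.Id
            }
        }
        # Fails if the computer has leaf objects (e.g. BitLocker recovery info);
        # that is a deliberate stop rather than silently deleting them.
        if ($PSCmdlet.ShouldProcess("AD $($adComputer.DistinguishedName)", 'Remove computer object')) {
            Remove-ADComputer -Identity $adComputer.DistinguishedName -Confirm:$false
        }
    }
}

# Report only; then a dry run of the cleanup; then the real thing.
# Get-HybridDeviceFootprint -ComputerName 'WS-001' | Format-List
# Get-HybridDeviceFootprint -ComputerName 'WS-001' -Remove -WhatIf
# Get-HybridDeviceFootprint -ComputerName 'WS-001' -Remove
```

Run the report first and look at DeviceIdsInAd: more than one ID on a single computer object is the usual sign of repeated joins leaving orphaned Entra device objects, which is exactly the stale-entry situation the reply warns about.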
@kundan0294 · 4 years ago
I could not understand the difference between this and the previous video... it's on federated, but many things are the same. Could you please let me know how you have configured the claims in ADFS?
@ConceptsWork · 4 years ago
Please check this article. docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual
@soydlm8658 · 4 years ago
Are the claims in ADFS created automatically by the AD Connect wizard when configuring the hybrid options, or do you have to create them manually? Thank you.
@ConceptsWork · 4 years ago
If you have deployed ADFS from AAD Connect, the claims will be created automatically, but if you have deployed ADFS and AAD Connect individually, then you have to create the claim rules manually.
@ronald0122 · 4 years ago
How do you add the devices to Intune?
@ShankarKumar-YogMitr · 2 years ago
Thanks for the informative video. In a federated environment, is it mandatory to use the WinHTTP proxy if we are not using WPAD?
@safetime100 · 2 years ago
Thanks please do more ❤️
@prabhanshumani7008 · 2 years ago
Hello sir, I have one question. While configuring hybrid join for downlevel devices, the option is greyed out for us and asks us to enable seamless SSO. Can we hybrid join the downlevel devices without enabling seamless SSO, or do we need to enable it? On my test machine, when I tested, the option was enabled after enabling seamless SSO. Thanks.
@ConceptsWork · 2 years ago
For downlevel devices, seamless SSO is a prerequisite.
@DeepakKumarpark · 1 year ago
Can you share the claim rules, please?
@wail841 · 4 years ago
Do we need to be connected to the enterprise network domain to register in the on-premises AD and in AAD?
@ConceptsWork · 4 years ago
Yes, you need to be connected to the local AD domain.
@johnpark7302 · 4 years ago
Thank you for the great content. I get this error message from the Azure AD Connect wizard when trying to configure: An error occurred while executing the 'Update-MsolFederatedDomain' command. MSIS7612: Each identifier for a relying party trust must be unique across all relying party trusts in AD FS configuration. ---> System.Management.Automation.RemoteException: MSIS7612: Each identifier for a relying party trust must be unique across all relying party trusts in AD FS configuration. Does this mean I need to configure the relying party trust for Azure AD on my AD FS server? Thanks for any advice.
@ConceptsWork · 3 years ago
As per this error message, there are multiple entries of the same identifier, and to be honest, I have never seen this behavior, as ADFS will not allow you to save duplicate identifier values. To be sure about it, please check the identifier field of every relying party trust.
@kundan0294 · 4 years ago
Awesome videos. Could you please let me know if you have uploaded application integration and Azure PowerShell videos as well? Could you please provide the URL if yes?
@ConceptsWork · 4 years ago
kzbin.info/www/bejne/gJKmlmCKatepjJo
@brushenas · 5 years ago
Thank you for the great video and explanation. I heard that if you are in a federated domain with ADFS, once your devices can discover the SCP, they auto-register with Azure AD without even having the computer account already synchronized to Azure AD. Is that correct? Is there any document or video that explains that? Thank you.
@ConceptsWork · 5 years ago
Please watch this - kzbin.info/www/bejne/aKbahIZ_rdR4pLc Also check this article - docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains
@mojo3717 · 4 years ago
Hi Bruce, you are correct. You don't need AD Connect to synchronize the object for a successful hybrid join. ADFS can handle that for you. However, if somehow ADFS fails to create the object in Azure AD, the machine will fall back on the sync option. In order to let this work, you have to enable synchronization for that particular computer object in AD Connect. But in the end, that is optional.
@cli3335 · 2 years ago
@mojo3717 Hey Peter, glad I found this comment... Would this explain why my hybrid domain join devices aren't syncing, meaning that if I disable the on-prem AD computer, nothing happens to the Azure AD device object? I read somewhere that if you're running hybrid domain AD join with ADFS, the syncing will not work (especially not ideal for managing stale devices).
@ehabgalal9181 · 5 years ago
Hello, where can I find the claims rules?
@ConceptsWork · 5 years ago
Please check this document - docs.microsoft.com/bs-latn-ba/azure/active-directory/devices/hybrid-azuread-join-manual
@ejsanvelas2705 · 3 years ago
Thanks for the informative video. For the claims required for federated domains, are those only required for environments that use ADFS? If you use an Identity provider other than ADFS, are those claim rules still needed?
@ConceptsWork · 3 years ago
These claims must be present even if you are using any other Identity Provider.
@andrewivanof2940 · 4 years ago
Your videos are very helpful and well structured. Thank you so much! I have a probably stupid question... probably not related to this. Does a hybrid Azure AD joined device have the ability to log in to Windows outside of the corporate network? In my case I set up a hybrid AD joined device and Windows Hello for Business with the key-based trust model. Inside the corp network everything works absolutely amazingly, but if I change the network to the internet then I get an error that I cannot log in.
@ConceptsWork · 4 years ago
It must work outside the organization as well; the Windows Hello for Business key is device specific.
@andrewivanof2940 · 4 years ago
@ConceptsWork Thanks for the answer. So, let's skip the part about WHFB and imagine a computer that is hybrid Azure joined. Let's also imagine that I have a group policy to remove the "Logon Cache" (Interactive logon: Number of previous logons to cache (in case domain controller is not available) = 0). Would I be able to log on to my computer outside the organization?
@ademilolashonibare758 · 4 years ago
Thanks for the great videos. Please, I have something I hope you can help me with. I want users to be able to authenticate against Azure AD to log in to a Windows 10 device which is hybrid Azure AD joined, instead of against the on-prem DC. I want to achieve this so that remote users can still authenticate when the device is on another network. Can I use ADFS to achieve this?
@ConceptsWork · 4 years ago
If the machine is hybrid Azure AD joined, Active Directory will always take precedence as per the current behavior.
@mateuszdrab · 4 years ago
Thank you for this useful video. I am having an issue understanding one concept and I am wondering if you could help me out.

After joining my device to Azure AD in hybrid mode, I initially had issues getting the EnterprisePrt token. After some changes to the Azure AD Connect / AD FS setup that included initialising device registration using the Initialize-ADDeviceRegistration command, enabling device writeback via AD Connect and enabling device registration with Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true, I managed to get a token. I had to follow the steps from docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg (which confused me enough already, as I wasn't enabling WH4B, and considering I had AD FS set up automatically, I expected no additional configuration to be needed after enabling hybrid domain join in the AD Connect tool).

Unfortunately, the PRT token doesn't seem to work for AD FS when connecting externally from my joined laptop and using the Edge (Chromium) browser. Using IE and legacy Edge, I am able to pass through AD FS authentication just fine. I am using the AD FS Xray tool as a relying party trust for AD FS.

My question is, what is the role of the EnterprisePrt token? I'm unable to find any documentation on it that would be applicable to the AD FS and hybrid Azure join scenario. I simply expected that with the hybrid join, I could take my device outside the network and enjoy seamless Azure AD logon (which works in both IE and legacy/Chromium Edge) and seamless AD FS logon (which doesn't work with Chromium Edge but works in IE, where I can see the PRT password claim). Thanks
@ConceptsWork · 4 years ago
Enterprise PRT is not required for Azure AD SSO. Enterprise PRT is shown when you are using ADFS device registration. What you have to check is, if the machine is hybrid Azure AD joined, whether Azure AD PRT is showing as yes or not. Only if you are not getting an Azure AD PRT will you experience SSO issues.
@mateuszdrab · 4 years ago
@ConceptsWork Thanks. Turns out the root cause is that Edge (Chromium) doesn't support Enterprise PRT yet. This explains why Azure PRT worked fine. In my case, both Enterprise PRT and Azure AD PRT are set to yes. Unfortunately, due to Edge's lack of support for the Enterprise PRT, I did a bit of a workaround and federated ADFS back to Azure AD as an IdP, and with some claims magic I was able to get ADFS SSO with Azure AD as IdP, which means SSO even when the Enterprise PRT isn't working. This means my ADFS federated apps can now authenticate seamlessly even on my phone, which is a registered device, or on my PC with Chrome when the Office add-on is installed, as that adds Azure PRT support :) Thanks
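The check ConceptsWork describes in the exchange above (on a hybrid-joined machine, is Azure AD PRT showing YES, and is an Enterprise PRT present at all) is read from the output of dsregcmd /status. As an added example, not code from the video or the channel, here is a PowerShell parser for that output with the join-state and PRT checks applied. By default it runs against a constructed sample embedded in the script (the device ID, tenant name and timestamps are made up), so it can be tried offline; with -Live it reads dsregcmd on the current machine. The function names are mine.

```powershell
# Added example, not code from the video. Parses "dsregcmd /status" output and
# turns the join-state and PRT lines into findings that map to the SSO
# symptoms discussed in the thread.

function ConvertFrom-DsregcmdStatus {
    # dsregcmd prints "    Name : Value" lines under +----+ section banners.
    # Keep the key/value pairs and drop the decoration.
    param([Parameter(Mandatory)][string[]]$Lines)
    $status = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    $status
}

function Test-DeviceSsoState {
    param([Parameter(Mandatory)][hashtable]$Status)

    $azureAdJoined = $Status['AzureAdJoined'] -eq 'YES'
    $domainJoined  = $Status['DomainJoined']  -eq 'YES'

    $joinType = if ($azureAdJoined -and $domainJoined) { 'HybridAzureAdJoined' }
                elseif ($azureAdJoined)                 { 'AzureAdJoined' }
                elseif ($domainJoined)                  { 'DomainJoinedOnly' }
                else                                    { 'NotJoined' }

    $findings = [System.Collections.Generic.List[string]]::new()

    if ($joinType -eq 'DomainJoinedOnly') {
        $findings.Add('Not registered with Entra ID yet: check SCP discovery, the userCertificate attribute on the computer object, and that the object is in Connect sync scope.')
    }
    if ($azureAdJoined -and $Status['AzureAdPrt'] -ne 'YES') {
        $findings.Add('AzureAdPrt is not YES: Entra ID SSO will fail. Look at the user state and the federation path (claims, WinHTTP proxy, seamless SSO) rather than the device join.')
    }
    if ($azureAdJoined -and $Status['EnterprisePrt'] -ne 'YES') {
        $findings.Add('EnterprisePrt is not YES: expected unless AD FS device registration is enabled; Entra ID SSO does not need it.')
    }

    [pscustomobject]@{
        JoinType      = $joinType
        DeviceId      = $Status['DeviceId']
        TenantName    = $Status['TenantName']
        AzureAdPrt    = $Status['AzureAdPrt']
        EnterprisePrt = $Status['EnterprisePrt']
        Findings      = $findings.ToArray()
    }
}

# Constructed sample in the shape dsregcmd /status prints; all values made up.
$sampleStatus = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CORP

+----------------------------------------------------------------------+
| Device Details                                                       |
+----------------------------------------------------------------------+

                  DeviceId : 7b9d2c4e-1f3a-4c1e-9a2b-5d6e7f8a9b0c
                TenantName : Contoso

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : YES
      AzureAdPrtUpdateTime : 2021-04-12 08:15:02.000 UTC
             EnterprisePrt : NO
'@ -split "`r?`n"

function Get-DeviceSsoReport {
    param([switch]$Live)
    $lines = if ($Live) { dsregcmd /status } else { $sampleStatus }
    Test-DeviceSsoState -Status (ConvertFrom-DsregcmdStatus -Lines $lines)
}

Get-DeviceSsoReport | Format-List
# On a real machine:
# Get-DeviceSsoReport -Live | Format-List
```

On the sample, the report comes out as HybridAzureAdJoined with AzureAdPrt YES and a single finding about the missing Enterprise PRT, which is the benign case described above: Entra ID SSO works, and the Enterprise PRT only matters for AD FS device-registration scenarios such as the one in the last reply.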