One of the main reasons people might choose a hybrid Azure AD joined configuration for their devices is that they still want to be able to access on-premises resources, such as a file server or printers. In my opinion, hybrid join should be avoided and it is usually worth the extra work required on the infrastructure to support your devices being Azure AD joined and having no relationship to the AD domain.
In this post I’ll look at how SSO to on-premises resources actually works when you are logged on to an Azure AD joined device with a user account that is synced from your on-premises AD. I’ll also look at how you can configure this so that users logging on with Windows Hello for Business can also SSO.