none
Windows Hello and Azure ADDS

    Question

  • I currently have a dozen machines running Windows Home versions of Windows 7 or newer.  All of the users were connected to O365 for Business (Not Premium version yet, email is still hosted on IMAP elsewhere until next month) prior to me starting the Azure Free Trial.  Today, I added my first user through the Azure Portal and then I began configuring a brand new Windows 10 Pro (Got the client to start buying Windows Pro with the thought that I REQUIRE an On Prem AD, which we do not have at this time) machine.  During the initial config of the Windows 10 deployment, I connected using the Employer or School option and used the new user's credentials.  I was then prompted with the "Your organization requires Windows Hello" screen wanting me to create a PIN.  I am assuming this is because once I started my Azure Trial, machines are no longer Automatically Domain Joined, so I went to turn on Active Directory Services in Azure and it is now requiring a Virtual Network to connect to?  I am looking to have Cloud Only Authenticatio\Directory Services, so why would it be a requirement to provide a Virtual Network?  Can someone please step me through this?
    Wednesday, March 15, 2017 6:54 PM

All replies

  • I have deployed a dozen machines with Home Version OS and the users are all connected to O365.  I recently setup an Azure Trial for AD and now I am getting forced to setup a PIN to register the machine and to login?  How do I only use the 'username@domain.onmicrosoft.com' username and password instead? I am wanting to use Azure AD as Cloud Only Authentication without an On-Prem AD and want the devices to auto-join when the user enters their username & password.  My understanding is that if I enable Azure AADS that I can enable\disable auto-join, is that what I need to do to turn off the prompt to setup a PIN when adding a machine?  If so, is that done on a per Virtual Network Basis or can I just set it for all users\devices?

    Wednesday, March 15, 2017 9:01 PM
  • The PIN prompt is for Windows Hello for Business. It has nothing to do with Virtual Networks nor is there a requirement to provide one.  More information on Windows Hello for Business can be found here: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/hello-identity-verification

    If you want to use Azure AD Domain Services, you need to have a virtual network in the cloud for internal communication between cloud resources. For more details go through the overview of Azure AD Domain Services - https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-overview

    Thursday, March 16, 2017 6:19 PM
    Moderator