locked
Web sign-in to Windows 10 - does this work on Hybrid Azure AD joined devices? RRS feed

  • Question

  • With regards to...
    Web sign-in to Windows 10
    https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1809#web-sign-in-to-windows-10 

    I have hybrid Azure AD joined a device (so, it is joined to both AD DS and AAD; they are synchronised). "DSREGCMD /STATUS" confirms the computer is Azure Ad Joined.

    I then installed Windows 10 ADK, then Configuration Designer, then created a provisioning package to set "EnableWebSignIn" to "Enabled". (no expertise in InTune, so applying the setting this way).

    I do not get the "Web Sign-In" option.

    Is this working correctly? The page says "Web sign-in is only supported on Azure AD Joined PCs", but that leaves ambiguity for "Hybrid Azure AD joined devices".

    My objective is to use Azure AD authentication with MFA, to log on to Windows 10. But there is also a massive on premises infrastructure, so this should remain operational, too.
    Sunday, October 6, 2019 9:44 PM

All replies

  • Hi,

     

    Web Sign-In provides support for non-ADFS federated providers that use Security Assertion Markup Language (SAML). Web Sign-In must be enabled in policy for it to appear as an option on the Windows 10 sign-in screen.

     

    From the link below:

    https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid

     

    Device sign in options are Password and Windows Hello for Business for Win10

     

    Looks like there is no Web Sign-In option.

     

    If you want to enable Web sign-in by using Intune.

     

    More information please refer to the following article:

    https://www.stephanvdkruis.nl/2019/03/configure-windows-10-web-sign-in/

    Note: This is a third-party link and we do not have any guarantees on this website. And Microsoft does not make any guarantees about the content.

     

    Hope above information can help you.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 7, 2019 6:24 AM
  • Thanks Farena.

    There are lots of parts to this, and Microsoft documentation can [and often is!] out of date.  Hence my asking.  I've posted a feedback on that link too.

    If it is indeed true that web sign-in in Windows 10 isn't available to  What is a hybrid Azure AD joined devices, then please can you ask for the documentation to state this explicitly?  


    Monday, October 7, 2019 9:34 AM
  • In my experiment, I...

    1. left the Active Directory domain (this also caused the computer to stop being Azure AD joined).
    2. Joined Azure AD directly (Settings > Accounts> Access Work or School > Connect > Join this device to Azure Active Directory)
    1. Now, the Web Sign-In options do appear, and I can use them.

    Hence, based on Windows 10 version 1809 LTSC channel with updates as of 2019-10-06, hybrid azure ad join doesn't support Web Sign-In.


    Monday, October 7, 2019 11:45 AM
  • Hi,

     

    Thanks for your posting here and sharing the situation.

    I learn more from your reply, and I believe partners who may visit this thread in the future will benefit from your sharing.

     

    Best regards,

    Farena


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, October 8, 2019 1:41 AM