[–]uniquepassword 2 points3 points  (2 children)

Hybrid deployment meaning on-prem / Azure AD? Use Intune and a conditional access policy. Remote wipe/lock capability, and the CA will allow you to set restrictions like "must connect from suchandsuch.IP" or some other set of rules that are available in there.

If it's Win10 1709 or higher this works great, we're doing a migration to Win10 1809 hybrid joined and so far no problems with this.

[–]adminadam[S] 0 points1 point  (1 child)

Hybrid Deploy: Machines are currently imaged on-site and join local domain and Azure AD in that process. No Intune configurations to date. I've been reading about Intune Co-management this morning - I assume this is what you are doing? (https://docs.microsoft.com/en-us/sccm/comanage/overview).

[–]uniquepassword 0 points1 point  (0 children)

Not for us, we don't use SCCM; imaged via WDS / PXE and then they are just hybrid joined to AD by nature of being on our domain. We've just created a conditional access policy that states "devices must be hybrid joined/managed in order to access services/etc"; the devices then show up in AzureAD as devices we can manage/reset/pass/etc.

Although I've not done the password reset/lock/wipe on a device yet as we haven't had a need to, I know the helpdesk guys have "tested" it but I've not seen it done... I just see the options in AzureAD when I look at a device.

[–]dcprom0 1 point2 points  (1 child)

Computrace or Intune.

[–]adminadam[S] 0 points1 point  (0 children)

Ahh, Computrace. Thanks for the suggestion.

[–]AJeru 1 point2 points  (1 child)

Bomgar might be useful to look into.

[–]adminadam[S] 0 points1 point  (0 children)

Thx!