undefined | Better HN

0 pointspid-13y ago0 comments

> The problem is that Windows 11 and above (try very hard to) require a Microsoft account, because these orcas of computing want to remind you with every step that you don't own the device you bought. Hence it's simpler/better to just virtualize everything.

During the pandemic, a key security component of our remote work architecture was to use Azure AD Conditional Access to restrict users to login in M365 apps from AD joined laptops + some Inutne compliance rules.

A weird situation was that, for a new laptop, we could not login using a domain account, as it was not joined in our domain. We also could not create a local account to join it. Not sure how IT solved that.

0 comments

Meph5043y ago

Windows 11 allows for the creation of local accounts, it sounds like someone signed in with a azureAD account (work email) joining the azure AD basically drops a lot of default policies on the machine, one of those is disabling local admin.

They can either remove that policy from their azure AD, or remove the machine from the azure ad.

Or update their policies to allow for azureAD joined machines.

j / k navigate · click thread line to collapse

0 pointspid-13y ago0 comments

0 comments

Meph5043y ago

They can either remove that policy from their azure AD, or remove the machine from the azure ad.

Or update their policies to allow for azureAD joined machines.

j / k navigate · click thread line to collapse