6:43 - arrrggg this is the type of thinking that still gets me with CA. My brain doesn't work that way normally and that's why a bunch of our CA policies are probably not doing what I think they're doing... For your example though, how would you do it like "If it's not a PAW, block, but if it IS a PAW then let them in but require MFA"?
Hello Dean. Thank you for the informative video. I was under the impression we need to sync this via AD Connect? Is AD Connect only applicable for hybrid scenarios? Thank you
AD Connect is required for Hybrid scenarios, yes - it synchronises users, groups, objects, and devices to Entra / AAD. Most places sync Users so they're Hybrid. It became common to sync Devices, too. Now we're trying to encourage cloud-native (not hybrid sync'd) devices, but normal users can be Hybrid still. Entra Privileged Users (Global Admins, Intune Admins, etc) should always be cloud-native, though.
Once again Dean you've published a video on something I'm currently doing for a customer, so it's extremely welcome as ever 🤩
:D You're welcome!
Great topic! Reminds me of learning more about Graph 🙂
Same!
Will this prevent login to hybrid join devices?