Mark Minasi's Tech Forum
pmarsh


New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 64
Reply with quote  #1 
It's a paradigm shift that I need to wrap my head around.

Old School:  AD on-prem, machines join the domain, users auth to the domain.

New School:  Windows Hello or PIN stored locally Surface laptops, machines don't join the on-prem domain but are managed with Azure AD tools (MDM and the like), Device SSO with O365.

The questions or best practices I'm looking for....

  Is new school the correct way to set things up? 

  How will users be prompted to reset passwords when their machines aren't joined to the on-prem domain that feeds GPOs?

  Current printer queues are part of the domain.  Need a solution as to how folks print to a domain printer when they are part of the domain.

  What are others doing with this new paradigm?

TIA
0
wobble_wobble


Associate Troublemaker Apprentice
Registered:
Posts: 873
Reply with quote  #2 
Quote:
Originally Posted by pmarsh
It's a paradigm shift that I need to wrap my head around.

....

  What are others doing with this new paradigm?

TIA


One of our SAs is all for the new school.
We let him roll with it.

Then we deploy on premise AD.


If it's a new business, with mostly mobile users, then it makes sense.
If they have 2 comms rooms (rough metric) then it's still old school.

When all the solutions are joined up, work the way marketing says it does, and the solution doesn't change every 6 weeks, then maybe the new way will rock.
Or maybe I'm too old and cranky!

__________________
Have you tried turning it off and walking away? The next person can fix it!

0
Wes

Senior Member
Registered:
Posts: 230
Reply with quote  #3 
We do both (hybrid).

Machines are still AD djoined and mostly managed via old school GPOs. We run Enterprise LTSB 2016.

Machines and users are synched to AAD for the following purposes:
Exchange hybrid (primary mailboxes on prem tho, archive mailboxes in the cloud)
Skype Broadcast Meeting (users are on prem)
Windows Hello for Business
Intune (haven’t really dug into this too much yet but have piloted conditional access for ActiveSync with Exchange onprem connector)

There are a lot of other online tools we are taking advantage of for certain groups... SharePoint libraries, Office Online apps (coauthoring), online archive for Exchange, etc.
0
lady_mcse


New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 94
Reply with quote  #4 
Quote:
Or maybe I'm too old and cranky! 


But at least you're not frumpityglump.  

What's frumpityglump you ask?  Why, didn't you know that it's the new word for "alone"?  Come on, get with the program already!  Just check the roadmap, we started using frumpityglump six months ago and all the developers liked it, so now it's out in general release.  We expect it to make it to the dictionaries in another year or two.
0
Mark

Hacked Mark's Facebook Account
Registered:
Posts: 273
Reply with quote  #5 

Joe, how are you managing them?  Intune?  "No GPOs, expensive Intune now" is a big part of "new school."

 


__________________
May I ask that everyone please populate the first name and last name in your user account profile.  Thanks!
0
wobble_wobble


Associate Troublemaker Apprentice
Registered:
Posts: 873
Reply with quote  #6 
Quote:
Originally Posted by Mark

Joe, how are you managing them?  Intune?  "No GPOs, expensive Intune now" is a big part of "new school."

 



Quite badly TBH.

Intune changes a lot.
O365 changes a lot.
Damn it Azure changes a lot.
It's almost a job to keep up with the changes - hence my desire for On Prem and GPO / centralised reporting.



0
Mark

Hacked Mark's Facebook Account
Registered:
Posts: 273
Reply with quote  #7 
Totally agree.  But you're never going to see it, sadly.
0
jsclmedave

Administrator
Registered:
Posts: 455
Reply with quote  #8 
Quote:
Originally Posted by wobble_wobble


Quite badly TBH.

Intune changes a lot.
O365 changes a lot.
Damn it Azure changes a lot.
It's almost a job to keep up with the changes - hence my desire for On Prem and GPO / centralised reporting.




"It's almost a job to keep up with the changes"

You got that right!! I cannot keep up especially since I am NOT able to focus on this on a daily basis.  Is this the plan now?  Impossible to keep up so you HAVE to rely on Microsoft Technical Services 100%..?

I'm going to an AZURE seminar in Irving TX on Nov 7th just to see what I have been missing.  This is not job related (yet).  I'm going for my personal curiosity.


Azure Container Hackfest

Nov 07, 2017 — 9:00 AM - 3:30 PM  |  Irving, Texas

https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x27710180001

 






__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

0