The device writeback feature writes Azure AD joined devices back to on-premises Active Directory. This lets end users sign in with enterprise credentials and lets organizations control policies on those devices.
- Enterprise Admin rights on the on-prem Active Directory.
- Global Administrator rights in Office 365.
- You should have one or two devices joined to Azure AD so that you can verify that writeback is working.
- Decide beforehand whether you need ‘Hybrid Azure AD Join’ and ‘Device writeback’.
- In this article we are doing device writeback.
Here are the steps to enable device writeback:
- Launch Azure AD Connect.
- Click on ‘Device Writeback’.
- Click Next. You will be offered two options. We will be doing ‘device writeback’ in this article.
- Provide your Global Admin credentials.
- As soon as you click ‘Configure Device writeback’, new options will appear in the navigation tree.
- Provide your Enterprise Admin credentials. This will prepare your Active Directory to host the new objects, and a new OU named ‘RegisteredDevice’ will be created.
- This prompt shows what will be configured.
- It may take ~5 minutes to complete, and you will be prompted with this screen at completion.
- I had these devices in Azure AD,
- Azure started the sync, and we can see the object status in Azure AD Connect.
- You will see an organizational unit, and it will contain the objects synced from Azure AD.
- It will now create objects in the OU. Also, please monitor the Synchronization Service, because it might throw an error if the service account doesn’t have sufficient permissions to create objects in the OU.
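The last two checks above can also be done from PowerShell. This is an added example, not part of the original article: it counts the written-back device objects and checks whether the sync service account holds a direct right to create them. It assumes the RSAT ActiveDirectory module is installed, and `EXAMPLE\sync-account-placeholder` is a placeholder for your own service account.

```powershell
# Added example. Assumptions: RSAT ActiveDirectory module is available, and
# $ConnectorAccount is a placeholder for your own sync service account.
param([string]$ConnectorAccount = 'EXAMPLE\sync-account-placeholder')

Import-Module ActiveDirectory
$root = Get-ADRootDSE

# schemaIDGUID of the msDS-Device class, needed to match object-specific ACEs.
$deviceClass = Get-ADObject -SearchBase $root.schemaNamingContext `
    -LDAPFilter '(lDAPDisplayName=msDS-Device)' -Properties schemaIDGUID
if (-not $deviceClass) { throw 'msDS-Device class not found in the schema.' }
$deviceGuid = [guid]$deviceClass.schemaIDGUID

# Containers prepared for device writeback (class msDS-DeviceContainer).
$containers = @(Get-ADObject -SearchBase $root.defaultNamingContext `
    -LDAPFilter '(objectClass=msDS-DeviceContainer)')
if ($containers.Count -eq 0) {
    Write-Warning 'No device container found; writeback is not prepared in this domain.'
}

foreach ($c in $containers) {
    # Device objects written back so far.
    $devices = @(Get-ADObject -SearchBase $c.DistinguishedName -SearchScope OneLevel `
        -LDAPFilter '(objectClass=msDS-Device)' -Properties displayName, whenCreated)

    # Allow ACEs granting the account CreateChild for all classes or for msDS-Device.
    $acl = Get-Acl -Path "AD:\$($c.DistinguishedName)"
    $grants = @($acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $ConnectorAccount -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band
            [System.DirectoryServices.ActiveDirectoryRights]::CreateChild) -and
        ($_.ObjectType -eq [guid]::Empty -or $_.ObjectType -eq $deviceGuid)
    })

    [pscustomobject]@{
        Container        = $c.DistinguishedName
        DeviceCount      = $devices.Count
        NewestDevice     = ($devices | Sort-Object whenCreated |
                            Select-Object -Last 1).displayName
        AccountCanCreate = ($grants.Count -gt 0)
    }
}
```

Only ACEs that name the account directly are matched, so `AccountCanCreate` can read `False` when the right is granted through a group. A zero `DeviceCount` together with export errors in the Synchronization Service points at the permission problem described above.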
Please read article for more information :
Thank you for reading!