Hybrid domain Autopilot over VPN
Question
Hi,
We are planning to implement hybrid domain join Autopilot over VPN. I have a query regarding cert deployment via Intune for VPN client authentication.
In our environment we have the certificate connector installed, which is currently used for iOS and Android devices, i.e. a PKCS certificate profile. Can we use PKCS instead of NDES/SCEP for hybrid Autopilot purposes?
A prompt response will be appreciated 😊
Regards,
Kashif
Answers (11)
So you can use the Cisco AnyConnect Start Before Logon module application to create the on-prem connection before login.
You just need to add this app in ESP as a mandatory app.
My customer is currently using Cisco AnyConnect, and deploys devices using Autopilot in a HAADJ environment.
But in their environment, to establish the VPN connection, it needs to connect to the corporate network.
My understanding is that in such an environment, it's not possible to realize the scenario of directly delivering the device to users.
Is my understanding correct?
How does this work in combination with an Always On VPN device tunnel?
I can create a Win32 app which deploys the VPN device tunnel, but for the device tunnel the Windows 10 edition should be an Enterprise edition.
Windows 10 Pro is deployed by default with Autopilot; when a user signs in with a Microsoft E3 license it will be upgraded to an Enterprise edition.
But I can't log on because I don't have a working VPN device tunnel after the deployment.
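Added example for the device-tunnel post above; this is not code from the thread or from the linked posts. It is the install script of an Intune Win32 app that provisions an Always On VPN device tunnel through the MDM_VPNv2_01 WMI bridge (the supported way to create a device tunnel from a script) and fails fast on editions that cannot run one, so the edition problem described above surfaces in ESP instead of as a silent no-op. It must run as SYSTEM, the default Win32 app install context. The profile name, VPN server, routes and trusted-network DNS suffix are placeholders (assumptions), and the machine certificate used for IKEv2 authentication is assumed to already be in LocalMachine\My.

```powershell
<#
Added example (not from the thread): Win32 app install script that creates an
Always On VPN *device* tunnel via the MDM_VPNv2_01 WMI bridge. Run as SYSTEM.
All names/addresses below are assumptions.
#>
$ProfileName   = 'AOVPN Device Tunnel'                           # assumption
$ServerAddress = 'vpn.contoso.com'                               # assumption
$TrustedSuffix = 'corp.contoso.com'                              # assumption: corp DNS suffix
$Routes        = @(@{ Address = '10.0.0.0'; PrefixSize = 8 })    # assumption: internal ranges

# 1. Device tunnels need Enterprise/Education. Exit non-zero so ESP shows the
#    app as failed rather than "installed" with no tunnel (the symptom above).
$edition = (Get-WindowsEdition -Online).Edition
if ($edition -notmatch 'Enterprise|Education') {
    Write-Error "Device tunnel requires Enterprise/Education; this device is '$edition'."
    exit 1
}

# 2. ProfileXML: IKEv2, machine-certificate auth, split tunnel with explicit
#    routes, DeviceTunnel=true so it comes up before any user signs in.
$routeXml = ($Routes | ForEach-Object {
    "<Route><Address>$($_.Address)</Address><PrefixSize>$($_.PrefixSize)</PrefixSize></Route>"
}) -join ''
$ProfileXML = @"
<VPNProfile>
  <NativeProfile>
    <Servers>$ServerAddress</Servers>
    <NativeProtocolType>IKEv2</NativeProtocolType>
    <Authentication>
      <MachineMethod>Certificate</MachineMethod>
    </Authentication>
    <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
    <DisableClassBasedDefaultRoute>true</DisableClassBasedDefaultRoute>
  </NativeProfile>
  $routeXml
  <DeviceTunnel>true</DeviceTunnel>
  <AlwaysOn>true</AlwaysOn>
  <RememberCredentials>true</RememberCredentials>
  <TrustedNetworkDetection>$TrustedSuffix</TrustedNetworkDetection>
</VPNProfile>
"@

# 3. The bridge expects the XML entity-escaped and the instance name URL-encoded.
$escapedXml = $ProfileXML -replace '<', '&lt;' -replace '>', '&gt;' -replace '"', '&quot;'
$instanceId = $ProfileName -replace ' ', '%20'
$namespace  = 'root\cimv2\mdm\dmmap'
$className  = 'MDM_VPNv2_01'
$parentId   = './Vendor/MSFT/VPNv2'

# 4. Remove any previous instance first so a rerun (app reinstall) is idempotent.
Get-CimInstance -Namespace $namespace -ClassName $className -ErrorAction SilentlyContinue |
    Where-Object InstanceID -eq $instanceId | Remove-CimInstance

$instance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespace
foreach ($p in @(
    @{ Name = 'ParentID';   Value = $parentId;   Flags = 'Key' },
    @{ Name = 'InstanceID'; Value = $instanceId; Flags = 'Key' },
    @{ Name = 'ProfileXML'; Value = $escapedXml; Flags = 'Property' })) {
    $instance.CimInstanceProperties.Add(
        [Microsoft.Management.Infrastructure.CimProperty]::Create($p.Name, $p.Value, 'String', $p.Flags))
}

try {
    $session = New-CimSession
    $null = $session.CreateInstance($namespace, $instance)
    Write-Output "Device tunnel '$ProfileName' created."
    exit 0
} catch {
    Write-Error "Failed to create device tunnel: $_"
    exit 1
}
```

Package this as a required Win32 app in the device setup phase of ESP, with the app or profile that delivers the machine certificate (and the trusted root) as a dependency, otherwise the tunnel is created before the certificate it authenticates with exists. Because the script refuses to run on Pro, the edition upgrade the post mentions (which only happens at user sign-in) has to be solved separately, for example by deploying an Enterprise edition image or an edition-upgrade policy that applies during device setup.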
Are you sure the device is connected to the VPN tunnel and the DC is reachable?
Michael provided more details in the following post:
https://oofhours.com/2020/06/23/windows-autopilot-user-driven-hybrid-azure-ad-join-over-the-internet-using-a-vpn/
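Added example for the "is the tunnel up and is the DC reachable?" question above; it is not code from the thread or from the linked post. It checks, from the device's point of view, the three things a hybrid-joined device needs at first logon over a VPN: the device tunnel is connected, corporate DNS resolves the DC locator SRV record through it, and the ports a domain logon uses are open to one DC. The tunnel name and AD domain are assumptions. Run it from a SYSTEM shell during ESP or after a failed logon.

```powershell
<#
Added example (not from the thread): readiness check for a hybrid Autopilot device
that must reach a DC over an Always On VPN device tunnel. Names are assumptions.
#>
param(
    [string]$TunnelName = 'AOVPN Device Tunnel',   # assumption
    [string]$Domain     = 'corp.contoso.com'       # assumption
)

function Test-HybridJoinPath {
    param([string]$TunnelName, [string]$Domain)
    $r = [ordered]@{ TunnelStatus = 'NotFound'; DcSrvRecords = 0; Dc = $null; Ports = @{}; Nltest = $null }

    # 1. Device tunnels are all-user connections; without -AllUserConnection the
    #    lookup only sees user tunnels and reports the device tunnel as missing.
    $vpn = Get-VpnConnection -AllUserConnection -Name $TunnelName -ErrorAction SilentlyContinue
    if ($vpn) { $r.TunnelStatus = $vpn.ConnectionStatus }

    # 2. DC locator. If this fails with the tunnel up, the device is not sending
    #    queries for the domain suffix to corporate DNS over the tunnel.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'SRV'
    $r.DcSrvRecords = @($srv).Count

    # 3. Ports a first domain logon needs: Kerberos, RPC endpoint mapper, LDAP,
    #    SMB (SYSVOL/Group Policy). Tested against the first DC the locator returned.
    if ($srv) {
        $r.Dc = ($srv | Select-Object -First 1).NameTarget
        foreach ($port in 88, 135, 389, 445) {
            $r.Ports[$port] = Test-NetConnection -ComputerName $r.Dc -Port $port `
                -InformationLevel Quiet -WarningAction SilentlyContinue
        }
    }

    # 4. nltest drives the same locator the logon process uses, so its output is
    #    the most faithful "can I find a DC" answer.
    $r.Nltest = (& nltest.exe /dsgetdc:$Domain /force 2>&1) -join ' '
    [pscustomobject]$r
}

$result = Test-HybridJoinPath -TunnelName $TunnelName -Domain $Domain
$result | Format-List

# Non-zero exit when anything required is missing, so the script can gate a
# proactive remediation or a required Win32 app in ESP.
$ok = $result.TunnelStatus -eq 'Connected' -and
      $result.DcSrvRecords -gt 0 -and
      $result.Ports.Count -eq 4 -and
      ($result.Ports.Values -notcontains $false)
exit ([int](-not $ok))
```

The usual failure pattern is step 1 green and step 2 red: the tunnel is up but the device uses the home router's DNS for the corporate suffix, so no DC is ever found and the logon fails with "no logon servers available". That is a DNS/NRPT problem in the VPN profile, not a certificate problem.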
Thanks for sharing the link to Michael's post! I will look into this issue more closely.
I think there are more details in the following link …
Can you please check:
https://docs.microsoft.com/en-us/answers/questions/118152/autopilot-hybrid-joined-devices-using-always-on-vp-1.html
We will try to arrange a demo in future if that is possible.
Hello – I'm not sure why you need a SCEP or PKCS cert … for hybrid Azure AD join ….
Can you go through
https://www.anoopcnair.com/windows-autopilot-hybrid-domain-join-guide/
and let us know whether your topic is covered over there.
Hi Anoop,
I used your blog and a few others to set it up; it works perfectly fine when the device is connected to the on-prem LAN (connectivity to DC). We are trying to do this over the internet using a VPN client (Cisco AnyConnect), hence wanted to ask about the cert part.
Hope I am making it clear.
PS: I follow your blogs and YouTube demos most of the time. If you can set up a demo for hybrid Autopilot over VPN, that would be great for lots of people.
Thanks
So you can use the Cisco AnyConnect Start Before Logon module application to create the on-prem connection before login.
You just need to add this app in ESP as a mandatory app.
Thanks, but what if the VPN client needs a certificate on the device to establish the connection?
In that case you have to deploy/install the certificate during ESP.
But it is recommended to use a cert-less VPN.
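Added example for the "deploy the certificate during ESP" answer above; it is not code from the thread. It verifies that the device certificate an Intune PKCS (or SCEP) profile should have delivered is actually present and usable by a machine-authenticating VPN client: in LocalMachine\My, with a private key, not expired, chaining to a trusted root, and carrying the Client Authentication EKU (or no EKU restriction). It is written in the shape of a Win32 app custom detection script, which is one way to make ESP wait for the certificate before it declares device setup complete and hands off to the VPN client. The issuing CA name is an assumption.

```powershell
<#
Added example (not from the thread): detection-style check that the machine
certificate from an Intune PKCS/SCEP profile is present and usable for VPN
client authentication. The issuing CA name is an assumption.
#>
$ExpectedIssuerCN = 'Contoso Issuing CA'    # assumption: CN of the CA in the PKCS profile
$ClientAuthOid    = '1.3.6.1.5.5.7.3.2'     # id-kp-clientAuth

function Test-ClientAuthEku {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # extKeyUsage extension (2.5.29.37). A cert with no EKU extension is valid for
    # any purpose, so only reject when the extension exists and lacks clientAuth.
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    if (-not $ext) { return $true }
    $eku = New-Object System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension -ArgumentList $ext, $false
    return ($eku.EnhancedKeyUsages.Value -contains $ClientAuthOid)
}

function Get-VpnDeviceCertificate {
    param([string]$IssuerCN)
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object {
            $_.HasPrivateKey -and                                        # PKCS delivers the key; a cert without it is useless
            $_.Issuer -match "CN=$([regex]::Escape($IssuerCN))(,|$)" -and  # issued by the expected CA
            $_.NotAfter -gt (Get-Date) -and
            (Test-ClientAuthEku -Cert $_)
        } |
        Sort-Object NotAfter -Descending | Select-Object -First 1       # newest if a renewal left two
}

$cert = Get-VpnDeviceCertificate -IssuerCN $ExpectedIssuerCN
if (-not $cert) {
    # No stdout + exit 1: Intune treats the app as "not detected", so ESP keeps waiting.
    exit 1
}

# The issuing chain must also be trusted on the device (trusted-root profile),
# otherwise IKEv2 machine auth fails even though the certificate is present.
if (-not $cert.Verify()) {
    Write-Warning "Certificate $($cert.Thumbprint) found but does not chain to a trusted root."
    exit 1
}

# stdout + exit 0 is what Intune's custom detection rule requires for "detected".
Write-Output "Detected $($cert.Subject) ($($cert.Thumbprint)), expires $($cert.NotAfter)"
exit 0
```

Pair this detection script with an install command that simply exits 0; the app then acts as a gate in the device setup phase of ESP that is satisfied only once the PKCS profile has delivered a usable certificate, and the VPN client app can list it as a dependency. The check also answers the thread's original question in practice: what matters to the VPN client is that a machine certificate with a private key and the right EKU lands in LocalMachine\My, which a PKCS profile can do as well as SCEP.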