How it works...
Device writeback is an optional feature.
When people register their devices with Azure AD, their actions create device objects in Azure AD. In AD FS, these objects can be used in claims issuance rules. This way, when an Azure AD-joined device is used outside of one of your organization's locations, a claims issuance rule can be created to not require MFA, even though the device is outside and other outside users are still required to perform multi-factor authentication.
Azure AD is the source. Active Directory on-premises is the destination.
Device writeback does not support multi-domain and multi-forest topologies, as devices must be located in the same forest as the users. Admins can only define one domain to write back ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access