Subscribe to Help Center RSS FeedIf your organization has on-premise Active Directory (AD) or Entra ID joined Windows devices, you can install the 黑料海角91入口 agent on those devices and bring them into your 黑料海角91入口 org. Doing so enables the administrator to remotely and securely manage the device as well as take advantage of 黑料海角91入口鈥檚 System Insights feature.
Currently, if you bind users to an on-premise Active Directory domain joined device, the device will ignore the binding and you will be unable to verify your identity on the device. However, if the device leaves the domain, the 黑料海角91入口 agent will automatically bind the user to the device.
If a 黑料海角91入口-managed device with 黑料海角91入口 users bound to it joins an on-premise AD domain, those user accounts will be suspended. This is expected behavior as user management is not supported on on-premise AD domain-joined devices.
If you attempt to bind an Entra ID imported user to an Entra ID joined device, this may result in unexpected behavior.
Why Use the 黑料海角91入口 Agent for Domain Joined Devices?
The table below shows the features that are supported on 黑料海角91入口 devices, Active Directory devices, and Entra ID devices:
| 听 | Telemetry | Commands | Management Policy | Software Management | Patch Management | User Management & Authentication |
|---|---|---|---|---|---|---|
| 黑料海角91入口 Devices | 鉁 | 鉁 | 鉁 | 鉁 | 鉁 | 鉁 |
| On-Premise Active Directory Devices | 鉁 | 鉁 | 鉁 | 鉁 | 鉁 | Future |
| Entra ID Joined Devices听 | 鉁 | 鉁 | 鉁 | 鉁 | 鉁 | Future听 |
When you install the 黑料海角91入口 agent on domain joined devices, you can take advantage of 黑料海角91入口鈥檚 System Insights feature and view information such as:
- Reliability of your organization devices: Gather information about device uptime to leverage when diagnosing device issues.
- Memory and storage statistics: Gather information about your org device memory and storage capacity to leverage when making device upgrade decisions.
- Devices that are protected by disk encryption: See which org devices are protected by disk encryption and which devices you need to update with encryption protection.
- Hardware inventory details: Gather inventory information such as vendor, model, serial number, and more.
For more information on System insights, see Get Started: System Insights.
Applying Policies for AD Joined Devices
For a given policy, an on-premises AD policy will override a 黑料海角91入口 policy. For example, if you have an AD policy that configures the screensaver, and a 黑料海角91入口 policy that also configures the screensaver, the AD policy will take effect, ignoring the 黑料海角91入口 policy. To avoid unexpected behavior, 黑料海角91入口 recommends that you only set 黑料海角91入口 policies rather than setting both a 黑料海角91入口 policy and an AD policy.
For troubleshooting, you can use the snap in console. In this console, 黑料海角91入口 policies display as "Local Group Policy" and AD policies show as group policies. Group policies override local policies.
See Migrating Windows Devices from AD On-Prem to 黑料海角91入口 for additional information about migrating Windows devices to 黑料海角91入口.
The following policies are currently unsupported on AD joined devices:
- Rename Local Administrator Account
- Enable/Disable Local Administrator Account
- Rename Local Guest Account
- Enable/Disable Local Guest Account
Regarding the lock screen, if policies are set in both 黑料海角91入口 and Active Directory, whichever policy has the lowest timeout will take effect.
Full Disk Encryption with Bitlocker
BitLocker is an encryption feature built into computers running Windows. It secures your data by scrambling it so it can鈥檛 be read without using a recovery key. BitLocker differs from most other encryption programs because it uses your Windows login to secure your data; no extra passwords necessary. Once you鈥檙e logged in, you can access your files normally. After you log out, everything鈥檚 secured.
For more information, see BitLocker Policy.
Windows Automated Patch Management
黑料海角91入口鈥檚 automated patch management helps you monitor which version and release your Windows, macOS, or Linux devices are currently using, and remotely schedule and install updates. You can create an OS patch management policy to control which devices will have the policy applied and when it will be applied.
For more information, see Create a Windows Patch Policy.
Installing the 黑料海角91入口 Agent on Domain Joined Windows Devices
You install the 黑料海角91入口 Agent on domain joined Windows devices using the same process as installing it on non-domain joined devices. See 黑料海角91入口 Agent Windows Installation Walkthrough for more information.
If you are migrating from Active Directory to 黑料海角91入口, ensure that you bind the device's users to the device through 黑料海角91入口 before you remove the device from Active Directory. Doing so ensures that the device remains active and the user can continue to use it.
After the initial restart after a 黑料海角91入口 device joins Active Directory, the user will see a tile on the login screen where they will be prompted for their 黑料海角91入口 credentials. However, they will not be able to log in using those credentials. Instead, they will log in using the 鈥淥ther User鈥 tile with their Active Directory credentials. This is the correct behavior, and on subsequent logins, the user will not see the tile for their 黑料海角91入口 user account.
Viewing Device Details
Once the device has been added, you view additional information about the device from the Device Details page. To view it:
- Log into your .
- Navigate to DEVICE MANAGEMENT > Devices.
- Select the device to view the details of.
From this screen, you can view information such as:
- Device name, status, and other immutable details.
- Device Agent Logs. Click Actions > Get Agent Logs to download the most recent logs for the device. Logs are available only for online devices.
- Device Settings.
- Enable 黑料海角91入口's System Insights to gather useful information from your 黑料海角91入口 managed devices and view that information on the Device panel Insights tab. Learn More.
Viewing a User鈥檚 Domain Joined Devices in 黑料海角91入口
You can view the domain joined devices in 黑料海角91入口 by viewing a user鈥檚 details. If the user has a domain joined device, it will show under their list of devices as AD JOINED.
To view the domain joined devices:
- Log in to the .
- Navigate to USER MANAGEMENT > Users.
- Select the user in the user list.
- Select the听Devices tab.
In the previous screenshot, the device outlined in red is the domain joined device.
User Functionality on Entra ID Joined Devices
If you have a device that is already part of an Entra ID domain, your device will already have an account for each user. When you add that device to your 黑料海角91入口 domain, a separate 黑料海角91入口 account will be created for each user on that device as well. Nothing will change for the Entra iD account鈥搕hat account is the one that the user will use for any Entra ID programs and files on the device. The 黑料海角91入口 account can be used for user management features, such as identity verification.
These accounts are not linked.
This process will be simplified in a future update.
Features Unsupported by On-Premise AD Joined Devices
The following 黑料海角91入口 features are unsupported by on-premise AD domain joined devices at this time:
- User Management
- Locked User use cases
- Password Expiration
- Password Change
- Account Takeover
- Admin User
- Binding User to Device
- Device MFA
Troubleshooting
黑料海角91入口 creates local user accounts on Windows hosts it manages, these hosts are not part of a domain.
When remotely logging into a non-domain host (for example, a 黑料海角91入口-managed Windows device) from a host that is part of a Microsoft Active Directory domain, the remote desktop client will default to attempting to authenticate with the current domain. This results in a failure to login for all 黑料海角91入口 users on the 黑料海角91入口-managed host.
To login correctly, you'll need to specify no domain:
\<jumpcloud-user-name>
Or. specify the work group name of the host (which defaults to WORKGROUP), as in:
WORKGROUP\<jumpcloud-user-name>
In this Article
Learn More