Hi,
We have rollout some VDI clients on laptops which are joined to our AD domain. Users who works from remote locations are using two factor authentication (AD domain credentials and SMS password).
Since that time, users stopped using the VPN connection on their laptops and we can see some issues related with this:
- First when the user's password expires, the user is able to change it in AD over the VDI but it is not in sync with the user laptop.
- When the user password expires, the password change is not possible because the user will not receive an SMS after authenticating with an old password.
- Second when the laptop is not connected to our network all group policies are not refreshed and finally computer account expires in AD. Also we cannot apply new settings to those clients.
I am curious, what you would suggest in this scenario to handle laptops and provide users great experience?
- Should we still encourage users to use the VPN from time to time and keep the VPN servers
- Should we cancel the VPN, unjoin all laptops from the domain and use SCCM agent for a remote management (I guess MS Intune would be in scope or maybe I miss something?)
- Maybe there is an option or functionality within VM Ware Horizon View client which can synchronize the GPO to the local PC during the VDI session which I am not aware of?
I would appreciate any input.
BR
Mike
