Clarify ADFS client-side Implications in Note

[jeffjfield]

Under "Configure AD FS Settings" there is a note which says:

"If you failed to configure client-side SCP on your AD FS servers, the source for device identities would be considered as on-premises. ADFS will then start deleting device objects from on-premises directory after the stipulated period defined in the ADFS Device Registration's attribute "MaximumInactiveDays". "

Does that mean that device objects would be deleted from just the OU that the GPO configuring the client-side registry setting is linked to for the targeted deployment or would it start deleting all computer objects in the on-premises AD?

Thanks in advance!

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 2928e23e-3210-9e74-9cdb-1a19b703eac7
• Version Independent ID: 44e303ca-e4bc-ba30-5aae-311aa9318278
• Content: Targeted deployments of hybrid Azure AD join
• Content Source: articles/active-directory/devices/hybrid-azuread-join-control.md
• Service: active-directory
• Sub-service: devices
• GitHub Login: @MicrosoftGuyJFlo
• Microsoft Alias: joflore

[JamesTran-MSFT]

@jeffjfield Thanks for your feedback! We will investigate and update as appropriate.