Merge pull request MicrosoftDocs#84803 from RavennMSFT/patch-13

PRMerger9 · web-flow · commit 41f1fa6cb2b7 · 2019-08-08T14:14:44.000-07:00
Update azureadjoin-plan.md
diff --git a/articles/active-directory/devices/azureadjoin-plan.md b/articles/active-directory/devices/azureadjoin-plan.md
@@ -74,6 +74,10 @@ When you're using AD FS, you need to enable the following WS-Trust endpoints:
 
 If your identity provider does not support these protocols, Azure AD join does not work natively. Beginning with  Windows 10 1809, your users can sign in to an Azure AD joined device with a SAML-based identity provider through [web sign-in on Windows 10](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#web-sign-in-to-windows-10). Currently, web sign-in is a preview feature and is not recommended for production deployments.
 
+>[!NOTE]
+> Currently, Azure AD join does not work with [AD FS 2019 configured with external authentication providers as the primary authentication method](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/additional-authentication-methods-ad-fs#enable-external-authentication-methods-as-primary). Azure AD join defaults to password authentication as the primary method, which results in authentication failures in this scenario
+
+
 ### Smartcards and certificate-based authentication
 
 You can't use smartcards or certificate-based authentication to join devices to Azure AD. However, smartcards can be used to sign in to Azure AD joined devices if you have AD FS configured.
