Windows 10 Tips: Joining a device to Azure AD

Azure AD Join, like Domain Join, makes a device visible in a directory so that it can be managed and granted access to assigned resources. Windows 10 can register with and authenticate directly against Azure AD, with no Domain Controller required unless the IT administrator chooses to use one. During the initial startup process, end users can register the device with Azure AD Join themselves, which places the device in the organization's directory and enables it to be managed by the Mobile Device Management (MDM) offering of choice.

With Azure AD Join support in Windows 10, organizations can hand untouched or store-bought devices to their employees with no need to sysprep or image them beforehand (unless the organization's IT administrator wants to). The process to register a Windows 10 device with Azure AD Join is as follows:

  1. Once the initial settings are completed (region, language, connectivity, etc.), the end user selects "This device belongs to my organization" to start Azure AD Join.

     (Screenshot: Windows10_AzureADJoin_001)

  2. The end user enters their assigned username and password to continue.

     (Screenshot: Windows10_AzureADJoin_002)

  3. Once the credentials are entered, the Azure AD Join process looks up the matching tenant. In some online-only cases, the page shows the organization's branding. If the credentials belong to a member of a federated domain, the employee is redirected to the organization's on-premises Active Directory Federation Services (AD FS) server to authenticate.

     (Screenshot: Windows10_AzureADJoin_003)

  4. IT administrators can also require a second factor of authentication before continuing.

     (Screenshot: Windows10_AzureADJoin_004)

  5. Once Azure AD authentication succeeds, the end user is asked to agree to the enrollment terms if the device must be enrolled in MDM. IT administrators can modify these terms as needed.

     (Screenshot: Windows10_AzureADJoin_005)

Once the enrollment terms are agreed to, the device is enrolled in MDM and registered in the organization's directory. Since Windows 10 is one platform across device types (PC, laptop, tablet, phone, etc.), a similar process applies when joining those devices to Azure AD.
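After the steps above, an administrator or help desk will want to confirm that the device really ended up Azure AD joined and MDM enrolled rather than, say, only domain joined or enrolled without an MDM server. The following PowerShell is an added example (not from the original post or from Microsoft) that parses the output of the built-in `dsregcmd /status` tool into the checks a practitioner would run; the sample output embedded in it is constructed so the script runs offline, and its tenant, device ID and MDM URL are placeholders.

```powershell
# Added example: verify a Windows 10 device's Azure AD Join and MDM enrollment state
# by parsing `dsregcmd /status` (built into Windows 10). AzureAdJoined, DomainJoined,
# DeviceId, TenantName and MdmUrl are fields dsregcmd prints; the sample output below
# is constructed for offline testing and its values are placeholders.

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $status = @{}
    foreach ($line in $Lines) {
        # dsregcmd prints "Key : Value" pairs; section headers and blank lines are skipped
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.*?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

function Test-AzureAdJoinState {
    param([hashtable]$Status)
    $findings = @()
    if ($Status['AzureAdJoined'] -ne 'YES') {
        $findings += 'Device is not Azure AD joined'
    }
    if ($Status['DomainJoined'] -eq 'YES') {
        $findings += 'Device is also domain joined (hybrid, not a pure Azure AD Join)'
    }
    if ([string]::IsNullOrWhiteSpace($Status['MdmUrl'])) {
        $findings += 'No MDM enrollment URL recorded; MDM enrollment may have been skipped'
    }
    [pscustomobject]@{
        Tenant   = $Status['TenantName']
        DeviceId = $Status['DeviceId']
        Healthy  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Constructed sample resembling the "Device State" section of dsregcmd /status
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                  DeviceId : 00000000-0000-0000-0000-000000000000
                TenantName : ExampleTenant
                    MdmUrl : https://mdm.example.com/EnrollmentServer/Discovery.svc
'@ -split "`n"

Test-AzureAdJoinState (ConvertFrom-DsregStatus $sample)

# On a real device, feed the live output instead of the sample:
# Test-AzureAdJoinState (ConvertFrom-DsregStatus (dsregcmd /status))
```

A device that reports AzureAdJoined : YES but an empty MdmUrl completed the directory registration in step 3 but not the MDM enrollment from step 5, which is the case to chase first when a device is missing from the MDM console.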