With Azure AD Join, devices are directly integrated into Azure AD. It does not require a local Active Directory. Azure AD Join is ideal for companies that do not want to run an on-premises infrastructure.
Azure AD Join lets you manage devices centrally and securely.
Prerequisites and Licensing
- Windows 10 1607 or later
- Windows 11
There is no other paid licensing necessary.
Setting permissions for Azure AD Join
The default values for the permission to register a device in Azure AD are configured in the Azure Active Directory (https://portal.azure.com/).
“Azure Active Directory” > “Devices” > “Device Settings”
Default values are as follows:
- Authorized users who are allowed to join devices in Azure AD
- Maximum number of devices a user can join
- Multi-factor authentication for device registration is not enabled by default, but is highly recommended to be enabled.
Join devices
To join a device to the Azure AD, a “work or school account” must be added to the client.
The login is not performed yet, instead open “Join this device to Azure Active Directory”.
Now sign in with a Azure AD User Account.
Check and confirm the configuration.
The device is now joined into Azure AD.
Verify Azure Active Directory join state
In Azure Active Directory under “Devices”, the device just joined is shown as “Azure AD joined”.
The Azure AD Join state can be checked on the device with the following command:
|
1 |
dsregcmd /status |
Sign In with user account from Azure AD
The sign in to the Windows client is now done with the user credentials from Azure AD, the username has to be entered in the following format:
|
1 |
AzureAD\UserPrincipalName |
Follow me on LinkedIn and get informed about my latest posts.
Was this post helpful to you? Show your enthusiasm with the delightful aroma of a freshly brewed coffee for me!
