You can easily join a Windows 10 or Windows 11 device to Azure AD by following the steps given in this blog post. Before we start with the steps to join the device to Azure AD, I want to explain what Azure AD Joined means and what other join types are available for a device.
- Azure AD Joined – The device is joined only to Azure AD and not to on-premises Active Directory. Users sign in with an organization-provided Azure AD account. Depending on the automatic enrollment configuration and Azure AD Premium license assignment, the device may automatically enroll into Intune after it is joined to Azure AD.
- Hybrid Azure AD Joined – The device is already domain joined to on-premises Active Directory and is simultaneously joined to Azure AD as well. Its status in Azure Active Directory will show as Hybrid Azure AD Joined.
- Azure AD registered – These are personally owned devices which may or may not be enrolled into Intune. Users do not need to use a corporate account to log in on the device. The device is automatically Azure AD registered when a user logs on to an organization application using their corporate identity, or it can be manually registered via the Settings app on a Windows PC.
Today we will only talk about the Azure AD Joined join type. This is a 100% cloud-only scenario. There are different ways to join a device to Azure AD. You can use the Settings app on Windows or you can use the command line to join your organization.
Before you can join your device to Azure AD, an Azure AD administrator needs to allow users to join devices to Azure AD. Follow the steps below to check this setting in the Microsoft Entra admin center.
- Log in to the Microsoft Entra admin center
- Go to Devices > Overview
- Click on Device Settings
Under Device Settings you can review the Azure AD join and registration settings and check whether the “User may join devices to Azure AD” setting is configured for All. If it's set to None, users will not be able to join the device. The default configuration for this setting is “All”.
The recommendation is to configure this setting to “Selected” and allow IT administrators to join the devices to Azure AD. This way you will have control over which devices can join your organization.
Steps to join a Windows device to Azure AD
Below are the steps to join a Windows device to Azure AD. I will be joining a Windows 11 device to Azure AD, but you can use the same steps to join a Windows 10 device as well. Let’s check the steps:
- Go to Start > Open the Settings app
- Go to Accounts > Find Access work or school on the right-hand side
- Click on Connect next to Add a work or school account
- Click on “Join this device to Azure Active Directory”.
- I have used a normal user account without any Administrator role in Azure to join this device to Azure AD. This is possible because the “User may join devices to Azure AD” setting is set to “All”.
- Once you are authenticated, you will get a prompt to confirm that you want to join this device to Azure AD. It will present you with the Azure AD name, user name and user type information. Click on Join to proceed.
- After you click on the Join button, your device registration process will start. Once it's complete, another pop-up will confirm that “This device is connected to <Azure AD name>”.
- It also provides further information about your sign-in process. You can switch your account and use your Azure AD account to log in on this PC.
- If you go to Accounts > Access work or school and check, it will now show that your device is Connected by <user’s UPN> and is “Connected to <Azure AD name> Azure AD”.
- In the Microsoft Entra admin center > All devices, you will find that the device now shows as Azure AD Joined, and the owner information is displayed as well. As I have also set up auto enrollment of Azure AD devices into Intune, the MDM column shows Microsoft Intune, which means this device is managed by Microsoft Intune.
How to join a device to Azure AD using command line
If you prefer to join a device to Azure AD using the command line, a command is available for that as well. Open a PowerShell console as an administrator and type the dsregcmd /join command to join the device to Azure AD.
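To confirm from the same console which of the join types described earlier a device ended up in, the output of dsregcmd /status can be parsed. The PowerShell below is an added example, not part of the original post; the function name Get-JoinType and the sample output (tenant name, device ID) are constructed for illustration.

```powershell
# Added example: classify a device's join type from "dsregcmd /status" output.
function Get-JoinType {
    param([string[]]$StatusLines)

    # Collect "Name : Value" pairs; banner and separator lines do not match.
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    $aadJoined    = $state['AzureAdJoined']   -eq 'YES'
    $domainJoined = $state['DomainJoined']    -eq 'YES'
    $registered   = $state['WorkplaceJoined'] -eq 'YES'

    if ($aadJoined -and $domainJoined) {
        $type = 'Hybrid Azure AD Joined'
    } elseif ($aadJoined) {
        $type = 'Azure AD Joined'
    } elseif ($registered) {
        $type = 'Azure AD registered'
    } elseif ($domainJoined) {
        $type = 'On-premises domain joined only'
    } else {
        $type = 'Not joined or registered'
    }

    [pscustomobject]@{
        JoinType   = $type
        TenantName = $state['TenantName']
        DeviceId   = $state['DeviceId']
    }
}

# Constructed sample output (trimmed) so the example runs on any machine.
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                  DeviceId : 00000000-0000-0000-0000-000000000000
                TenantName : Contoso (constructed)
           WorkplaceJoined : NO
'@ -split "`r?`n"

Get-JoinType -StatusLines $sample

# On a real device, pass the live output instead:
# Get-JoinType -StatusLines (dsregcmd /status)
```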
Conclusion
In this blog post, we have seen the steps to join a Windows device to Azure AD. Your device may get automatically enrolled into Intune depending on the auto-enrollment settings configured in the Azure AD portal.