You can join Windows devices to Microsoft Entra for all Windows 10 and 11 devices except Home Editions. Enrolling your device in Entra ID allows device management through the Entra admin center and integration with Mobile Device Management (MDM) solutions like Intune. Let’s check the steps to join a Windows device to Entra ID.
Contents
1. Microsoft Entra join and Registration Settings
We need to ensure that users are allowed to join their Windows devices to Entra ID. You have the option to allow All users or a group of users permission to join their devices to Entra ID. We will be selecting All under Users may join devices to Microsoft Entra.
- Sign in to the Entra admin center.
- Under Identity, Go to Devices > All devices.
- Under Manage, Click on Device settings.
- Users may join devices to Microsoft Entra: All
Select the users and groups that are allowed to join devices to Microsoft Entra. This setting is only applicable to Microsoft Entra join on Windows 10/11. This setting does not apply to Microsoft Entra hybrid joined devices, Microsoft Entra joined VMs in Azure and Microsoft Entra joined devices using Windows Autopilot self-deployment mode as these methods work in an userless context.
Users may join devices to Microsoft Entra
2. Join a Windows device to Entra ID
Please find below the steps to join a Windows device to Entra ID. I would be using a Windows 11 device for demonstration purposes, but you can also use the same steps to join a Windows 10 device. Let’s check the steps:
- Go to Start > Open Settings App.
- Go to Accounts > Find Access work or school on the right-hand side.
- Click on Connect next to Add a work or school account.
- Click on Join this device to Microsoft Entra ID.
While joining the device to Entra ID, you may get the error code 80180014. This could be because of the Device platform restriction settings. For more details about fixing this error code, please refer to the blog post: Fix Intune Enrollment Error Code 80180014.
Error Code 80180014
- I have used a normal user account without any Administrator role to join this device to Entra ID. This is possible because the User may join devices to Microsoft Entra, and the configuration is set to All.
- Once you are authenticated, you will get a prompt to confirm if you want to join this device to Entra ID. It will present you with Entra ID Org. name, User Name, and User type Information. Please click on Join to Proceed.
- The device registration process will commence once you click the Join button. After completing it, you’ll receive another pop-up confirming that This device is connected to <Entra ID organization name>.
- If you go to Accounts > Find Access work or school, check. You can check the connection details.
- In the Entra Admin Center, under All Devices, you’ll notice that the device is now listed as Microsoft Entra Joined, and the owner information is displayed.
Join a device to Entra ID Using Command Line
Using the command line, you can use specific commands to join a device to Entra ID. By opening a PowerShell console as an administrator, you can type the following command: dsregcmd /join to join a device to Entra ID.
Conclusion
In this blog post, we’ve covered the steps for joining a Windows device to Entra ID. It’s worth noting that your device may automatically enroll in Intune, depending on the Autoenrollment settings configured on the Entra admin center.
To learn more about auto-enrollment settings, refer to the post Initial setup of Microsoft Intune MAM/MDM and scroll down to the section Configure Automatic Enrollment.
More Information
To learn more about the difference between Entra Join, Hybrid Entra Join, and Entra registered devices, Please refer to the below points:
- Microsoft Entra Joined: When a device is only joined to Entra ID without being connected to an on-premises Active Directory, sign-in to the account must be done using an organizational-provided Entra ID account.
- Hybrid Entra Joined: When a device is already domain-joined with an on-premises Active Directory and simultaneously joined to Entra ID, its status in Entra ID will show as Hybrid Entra Joined
- Microsoft Entra registered: These are personally owned devices that may or may not be enrolled in Intune. Users are not required to use a corporate account to log in to the device. The device is automatically Entra registered when a user logs on to an organizational application using their corporate identity, or it can also be manually registered via the Settings App on a Windows PC.
Hi!
I have a free Entra ID account with a Microsoft Hotmail account (private) and I am not allowed to join Entra ID. I thought it should be possible since it is all private. How can it be done?
I am getting the error that private accounts cannot join Entra ID.
Thanks
Hello Moderator.
I have joined a laptop that was previously local AAD joined to Entra ID/
I noticed it created a new profile as though it is a fresh Build.
Now i have 2 user profile of firstname lastname within my C:\Users
How do I consolidate.
Program files are stuck on the LoacalAAd join profile
Hi Jatin.
I’m trying to determine what user accounts are in the Local Administrators group on all laptops in my organisation.
I’m able to run the following script on my own laptop:
Get-LocalGroupMember -Group “Administrators”
However, this only lists the users in the Administrators group as an output within PowerShell.
Do you think this will work if I deploy it from Intune?
Kind regards,
John D.