You can set up Microsoft Entra Join for all Windows 10 and Windows 11 devices, with the exception of Home Editions. Enrolling your device in Entra ID provides the ability for device management through the Entra admin center and integration with Mobile Device Management (MDM) solutions like Intune.
Table of Contents
STEP 1 – Check Microsoft Entra join and registration settings
- Sign in to the Entra admin center
- Under Identity, Go to Devices > All devices
- Under Manage, Click on Device settings.
Select the users and groups that are allowed to join devices to Microsoft Entra. This setting is only applicable to Microsoft Entra join on Windows 10/11. This setting does not apply to Microsoft Entra hybrid joined devices, Microsoft Entra joined VMs in Azure and Microsoft Entra joined devices using Windows Autopilot self-deployment mode as these methods work in a userless context.
Users may join devices to Microsoft Entra
STEP 2 – Join a Windows device to Entra ID
Please find below the steps to join a Windows device to Entra ID. For demonstration purposes, I would be using a Windows 11 device, but you can use the same steps to join a Windows 10 device as well. Let’s check the steps:
- Go to Start > Open Settings App
- Go to Accounts > Find Access work or school on the right-hand side
- Click on Connect next to Add a work or school account
- Click on “Join this device to Microsoft Entra ID“.
- I have used a normal user account without any Administrator role in Azure to join this device to Entra ID. This is possible due to the “User may join devices to Microsoft Entra” setting configuration which is set to “All“.
- Once you are authenticated, you will get a prompt to confirm if you want to join this device to Entra ID. It will present you with Entra ID Org. name, User Name, and User type Information. Please click on Join to Proceed
- Once you click on the “Join” button, the device registration process will commence. After it’s completed, you’ll receive another pop-up to confirm that This device is connected to <Entra ID organization name>.
- If you Go to Accounts > Find Access work or school and check. You can check the connection details.
- In the Microsoft Entra Admin Center, under “All devices” you’ll notice that the device is now listed as “Microsoft Entra Joined” and displays the owner information.
How to join a device to Entra ID using the command line
If you prefer to join a device to Entra ID using the command line, you have the option to use specific commands. By opening a PowerShell console as an administrator, you can type the following command: dsregcmd /join to join a device to Entra ID.
Conclusion
In this blog post, we’ve covered the steps for joining a Windows device to Entra ID. It’s worth noting that your device may automatically enroll in Intune depending on the Autoenrollment settings configured on the Entra admin center. To learn more about auto-enrollment settings, you can refer to the post: Initial setup of Microsoft Intune MAM/MDM and scroll down to the section: Configure Automatic Enrollment.
More Information
To learn more able the difference between Entra Join, Hybrid Entra Join, and Entra registered devices, Please refer to the below points:
- Microsoft Entra Joined – When a device is only joined to Entra ID without being connected to an on-premises Active Directory, the sign-in to the account must be done using an organizational-provided Entra ID account.
- Hybrid Entra Joined – When a device is already domain joined with an on-premises Active Directory and simultaneously joined to Entra ID as well, its status in Entra ID will show as ‘Hybrid Entra Joined‘.
- Microsoft Entra registered – These are personally owned devices that may or may not be enrolled in Intune. Users are not required to use a corporate account to log in to the device. The device is automatically Entra registered when a user logs on to an organizational application using their corporate identity, or it can also be manually registered via the Settings App on a Windows PC.
