You can set up Microsoft Entra Join for all Windows 10 and 11 devices except Home Editions. Enrolling your device in Entra ID allows device management through the Entra admin center and integration with Mobile Device Management (MDM) solutions like Intune. Let’s check the steps to Join a Windows device to Entra ID.
Table of Contents
STEP 1 – Check Microsoft Entra Join and Registration Settings
- Sign in to the Entra admin center.
- Under Identity, Go to Devices > All devices.
- Under Manage, Click on Device settings.
Select the users and groups that are allowed to join devices to Microsoft Entra. This setting is only applicable to Microsoft Entra join on Windows 10/11. This setting does not apply to Microsoft Entra hybrid joined devices, Microsoft Entra joined VMs in Azure and Microsoft Entra joined devices using Windows Autopilot self-deployment mode as these methods work in a userless context.
Users may join devices to Microsoft Entra
STEP 2 – Join a Windows device to Entra ID
Please find below the steps to join a Windows device to Entra ID. I would be using a Windows 11 device for demonstration purposes, but you can also use the same steps to join a Windows 10 device. Let’s check the steps:
- Go to Start > Open Settings App.
- Go to Accounts > Find Access work or school on the right-hand side.
- Click on Connect next to Add a work or school account.
- Click on Join this device to Microsoft Entra ID.
- I have used a normal user account without any Administrator role in Azure to join this device to Entra ID. This is possible because the User may join devices to Microsoft Entra, and the configuration is set to All.
- Once you are authenticated, you will get a prompt to confirm if you want to join this device to Entra ID. It will present you with Entra ID Org. name, User Name, and User type Information. Please click on Join to Proceed
- The device registration process will commence once you click the Join button. After completing it, you’ll receive another pop-up confirming that This device is connected to <Entra ID organization name>.
- If you go to Accounts > Find Access work or school, check. You can check the connection details.
- In the Entra Admin Center, under All Devices, you’ll notice that the device is now listed as Microsoft Entra Joined, and the owner information is displayed.
How to Join a device to Entra ID using the command line
Using the command line, you can use specific commands to join a device to Entra ID. By opening a PowerShell console as an administrator, you can type the following command: dsregcmd /join to join a device to Entra ID.
Conclusion
In this blog post, we’ve covered the steps for joining a Windows device to Entra ID. It’s worth noting that your device may automatically enroll in Intune depending on the Autoenrollment settings configured on the Entra admin center.
To learn more about auto-enrollment settings, refer to the post Initial setup of Microsoft Intune MAM/MDM and scroll down to the section Configure Automatic Enrollment.
More Information
To learn more about the difference between Entra Join, Hybrid Entra Join, and Entra registered devices, Please refer to the below points:
- Microsoft Entra Joined – When a device is only joined to Entra ID without being connected to an on-premises Active Directory, sign-in to the account must be done using an organizational-provided Entra ID account.
- Hybrid Entra Joined – When a device is already domain-joined with an on-premises Active Directory and simultaneously joined to Entra ID, its status in Entra ID will show as Hybrid Entra Joined
- Microsoft Entra registered – These are personally owned devices that may or may not be enrolled in Intune. Users are not required to use a corporate account to log in to the device. The device is automatically Entra registered when a user logs on to an organizational application using their corporate identity, or it can also be manually registered via the Settings App on a Windows PC.
Hi!
I have a free Entra ID account with a Microsoft Hotmail account (private) and I am not allowed to join Entra ID. I thought it should be possible since it is all private. How can it be done?
I am getting the error that private accounts cannot join Entra ID.
Thanks
Hello Moderator.
I have joined a laptop that was previously local AAD joined to Entra ID/
I noticed it created a new profile as though it is a fresh Build.
Now i have 2 user profile of firstname lastname within my C:\Users
How do I consolidate.
Program files are stuck on the LoacalAAd join profile