Whether you’re fully in the cloud or running an established Azure AD hybrid domain, you might want to know how to join Windows 10 to Azure AD. This is useful for testing a few machines in the cloud for Intune or Autopilot, or just to get an idea of what it’s like to manage a fully cloud-managed machine. As always, whenever you venture into new territory you will run into challenges. We won’t cover those challenges in this article, but we will get you headed in the general direction of having cloud machines.
Azure Active Directory Join Prerequisites
As with many configurations, there are some prerequisites you’ll need to have in place to get this working without issues. Luckily, these settings are the default in Azure, but it’s good to go over them just in case another admin has explicitly changed them.
- In Azure, navigate to Azure AD -> Devices -> Device Settings
- Direct Link: https://portal.azure.com/#blade/Microsoft_AAD_Devices/DevicesMenuBlade/DeviceSettings/menuId/
- Set Users may join devices to Azure AD to All
- Set Users may register their devices with Azure AD to All
- Set Require Multi-Factor Authentication to register or join devices with Azure AD to Yes, as this is the action Microsoft recommends
- For Maximum number of devices per user, set the recommended value of 20
- Save Settings
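As an added check (example code written for this article, not something from Microsoft or the original post), the following PowerShell reads the tenant’s device registration policy through Microsoft Graph and compares it with the four prerequisites above. It assumes the Microsoft.Graph PowerShell SDK is installed, that the v1.0 `policies/deviceRegistrationPolicy` endpoint returns the `azureADJoin`, `azureADRegistration`, `multiFactorAuthConfiguration` and `userDeviceQuota` properties, and that the signed-in account holds the `Policy.Read.DeviceConfiguration` permission; the function names are my own.

```powershell
# Added example: compare the tenant's device registration policy with the
# prerequisites listed in this article. Assumes the Microsoft.Graph module
# and the Graph v1.0 deviceRegistrationPolicy schema (see lead-in).

function Get-DeviceRegistrationPolicy {
    # Policy.Read.DeviceConfiguration is assumed to be the minimum delegated scope
    Connect-MgGraph -Scopes 'Policy.Read.DeviceConfiguration' | Out-Null
    # Invoke-MgGraphRequest returns the JSON body as a nested hashtable
    Invoke-MgGraphRequest -Method GET `
        -Uri 'https://graph.microsoft.com/v1.0/policies/deviceRegistrationPolicy'
}

function ConvertFrom-RegistrationMembership {
    # Graph expresses the portal's "All / Selected / None" as a
    # deviceRegistrationMembership object whose @odata.type tells which applies
    param($Membership)
    switch -Wildcard ($Membership.'@odata.type') {
        '*allDeviceRegistrationMembership'        { 'all' }
        '*enumeratedDeviceRegistrationMembership' { 'selected' }
        '*noDeviceRegistrationMembership'         { 'none' }
        default                                   { 'unknown' }
    }
}

function Test-AzureAdJoinPrerequisites {
    param([hashtable]$Policy = (Get-DeviceRegistrationPolicy))

    # Expected values are the ones the article's prerequisite list asks for;
    # the portal's "Yes" for MFA corresponds to the Graph value 'required'
    $checks = @(
        [pscustomobject]@{
            Setting  = 'Users may join devices to Azure AD'
            Expected = 'all'
            Actual   = ConvertFrom-RegistrationMembership $Policy.azureADJoin.allowedToJoin
        }
        [pscustomobject]@{
            Setting  = 'Users may register their devices with Azure AD'
            Expected = 'all'
            Actual   = ConvertFrom-RegistrationMembership $Policy.azureADRegistration.allowedToRegister
        }
        [pscustomobject]@{
            Setting  = 'Require MFA to register or join devices'
            Expected = 'required'
            Actual   = $Policy.multiFactorAuthConfiguration
        }
        [pscustomobject]@{
            Setting  = 'Maximum number of devices per user'
            Expected = 20
            Actual   = $Policy.userDeviceQuota
        }
    )

    # Add an OK column so a setting another admin changed stands out
    $checks | Select-Object Setting, Expected, Actual,
        @{ Name = 'OK'; Expression = { "$($_.Actual)" -eq "$($_.Expected)" } }
}

# Usage: print the whole table; any row with OK = False needs attention
Test-AzureAdJoinPrerequisites | Format-Table -AutoSize
```

Running this before you start joining machines turns the portal walk-through above into a repeatable check you can keep in a script, which is handy when more than one admin has rights over the Device Settings blade.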
Join Windows 10 To Azure AD From Fresh Install
Microsoft really took the guesswork out of newer installations when you want to join computers to Azure AD, so we’ll cover that option first. If you have ever installed a fresh Windows 10 machine from the ISO Microsoft provides, the wizard will actually ask whether you want to sign in with Microsoft. Luckily for us, it’s as easy as entering our credentials and approving the MFA challenge (if applicable). I would strongly recommend you Deploy MFA Using Azure AD Conditional Access if you haven’t set up MFA in your environment.
The added benefit is that further along in the wizard it will ask whether you want to use Windows Hello with your account. For those not familiar with Windows Hello, it lets you essentially go passwordless: the system TPM combined with a PIN or biometrics (facial recognition, fingerprint) takes the place of your password as a strong authentication method. It’s the perfect balance of security and convenience, it gives the user the best experience, and it works great.
Once setup has finished, navigate to Start -> Settings -> Accounts -> Access work or school and you should see “Connected to <YourTenant> Azure AD”.
Join Computer to Azure AD From An OnPrem Domain Joined Machine
If you already have a machine that is currently joined to an OnPrem Active Directory domain and want to move it to a cloud-only environment, this portion is for you. It also applies if the machine is already set up and you’ve already gone through the OOBE setup.
As mentioned earlier, the place to check whether the machine is joined to a domain is the account settings. To get there, navigate to Start -> Settings -> Accounts -> Access work or school; here you’ll have the ability to disconnect the machine from the domain.
In my case, my OnPrem domain is ad.thesysadminchannel.com, so when I try to disconnect from it, I’m faced with a prompt to confirm.
Follow the prompts and restart your machine. Once the reboot has completed, sign in with a local administrator, navigate back to the account settings and click “Connect”. This is where you’ll be able to join Windows 10 to Azure Active Directory. When prompted with “Set up a work or school account”, be sure to click Join this device to Azure Active Directory.
After clicking on the link, you’ll be prompted to enter in your credentials and once again you’ll need to confirm that this is your organization by clicking on Join.
Once everything has been confirmed, go ahead and reboot your system and you should be able to log in with the Azure AD account. Finally, just for grins, we’ll also confirm the machine is Azure AD joined by going into the account settings and seeing it there.
We’ll also confirm the device is part of the devices list in Azure AD.
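To confirm the join state without clicking through Settings, both for the fresh-install case earlier and for the machine you just moved off the domain, here is an added PowerShell example (mine, not from the article) that parses `dsregcmd /status` on the machine and then looks the device up in Azure AD with the Microsoft.Graph module. The function names are my own; it assumes `dsregcmd.exe` is present (it ships with Windows 10) and that the signed-in Graph account has the `Device.Read.All` permission.

```powershell
# Added example: check Azure AD join state locally (dsregcmd) and in the
# directory (Microsoft Graph). Function names are this example's own.

function Get-DsregStatus {
    # Turn the "Key : Value" lines of dsregcmd /status into a hashtable;
    # the box-drawing header lines contain no colon and are skipped
    $status = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*)$') {
            $status[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $status
}

function Get-LocalJoinState {
    param([hashtable]$Status = (Get-DsregStatus))
    $aad    = $Status['AzureAdJoined'] -eq 'YES'
    $domain = $Status['DomainJoined']  -eq 'YES'

    # Both flags set means hybrid Azure AD joined; only AzureAdJoined is the
    # cloud-only state this article walks through
    $joinType = if ($aad -and $domain) { 'Hybrid Azure AD joined' }
                elseif ($aad)          { 'Azure AD joined' }
                elseif ($domain)       { 'Domain joined only' }
                else                   { 'Not joined' }

    [pscustomobject]@{
        DeviceName    = $Status['Device Name']
        TenantName    = $Status['TenantName']
        AzureAdJoined = $aad
        DomainJoined  = $domain
        JoinType      = $joinType
    }
}

function Get-DirectoryDevice {
    # Look the device up in Azure AD by display name. TrustType tells how it
    # got there: AzureAd = Azure AD joined, ServerAd = hybrid, Workplace = registered
    param([string]$DeviceName = $env:COMPUTERNAME)
    Connect-MgGraph -Scopes 'Device.Read.All' | Out-Null
    Get-MgDevice -Filter "displayName eq '$DeviceName'" |
        Select-Object DisplayName, DeviceId, TrustType, OperatingSystem,
                      IsCompliant, IsManaged, ApproximateLastSignInDateTime
}

# Usage: the local state should read 'Azure AD joined' and the directory should
# hold one object for the device with TrustType 'AzureAd'. More than one object,
# or one with TrustType 'ServerAd', points at a leftover record from the earlier
# domain join that is worth reviewing.
$local = Get-LocalJoinState
$local | Format-List
if ($local.AzureAdJoined) {
    Get-DirectoryDevice -DeviceName $local.DeviceName | Format-List
}
```

Comparing the local and directory views side by side is the quickest way to catch a machine that believes it is joined while the tenant still holds the old hybrid object, which is easy to miss when you only look at the Settings page.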
Hopefully this article explains how to join Windows 10 to Azure AD and answers any questions you might have had. Personally, I like the flexibility of having both Azure AD joined and Hybrid Azure AD joined machines. Eventually it will be the norm to be all cloud, but for now this is a step in the right direction.
If you found the information useful and want to learn more about Azure AD, be sure to check out our Azure catalog. You might find something useful as far as content goes and might be able to learn a thing or two.
Your directions about migrating from an on-prem AD to Azure AD completely neglect the user profile that gets abandoned in the process. There are ways to migrate the profile to the Azure AD profile so the user doesn’t lose their “experience” in the migration. ProfWiz is Microsoft’s recommended tool. It’s also important to capture the user’s stored passwords and credentials in the migration.