Azure

Join Windows 10 Azure AD step-by-step

Today, organizations have evolved beyond using the simple on-premises infrastructure of traditional days. The traditional Active Directory domain that exists on-premises providing identity and access management services to all endpoints is no longer practical. Modern businesses are leveraging solutions in the cloud more than ever. This includes Software-as-a-Service environments like Microsoft Office 365 and Microsoft 365. Cloud makes a lot of sense for today’s very hybrid workforce layouts and hybrid infrastructure resources that may exist on-premises, in the cloud, and at the edge. Azure Active Directory (Azure AD) provides the means for organizations to join and control endpoints no matter where these are located. This post will look at the process to join Windows 10 Azure AD and why you may want to do this.

Access to Azure AD

Many may not realize that when your organization utilizes Microsoft’s cloud SaaS platform, Office 365 or Microsoft 365, Azure AD is actually being used in the background to provide identity and access management for the cloud SaaS environment. In fact, if you use your organization administrator account that was created when first configuring your Office 365 environment, you can navigate to portal.azure.com and log in with this account. After logging in, you can navigate to the Azure Active Directory blade in the Azure environment.

Depending on the subscription or service your organization uses, you will have access to different features and services in Azure AD. What are some of the capabilities you gain access to with Azure Active Directory and managing your endpoints?

Microsoft Endpoint Manager

Microsoft at Ignite 2019 announced Microsoft Endpoint Manager which effectively combines both Microsoft Intune and Configuration Manager into a single product for Microsoft 365 customers. It also encompasses the following tools and services:

  • Co-management
  • Desktop Analytics
  • Device Management
  • Admin Console

Any Configuration Manager customer can now use Intune to co-manage without any new licensing costs. Capabilities for customers include:

  • automate compatibility testing
  • deploy updates faster
  • take immediate action

What is Microsoft Intune?

Intune is a cloud-based MDM (mobile device management) solution that allows your business to control both apps and devices. You can control features not just on Windows 10 devices, but across all platforms, including Android, Android Enterprise, IOS/iPadOS, and macOS.

For hybrid environments (which are arguably the majority), there is an Intune connector for Active Directory that allows entries to be added for devices that are onboarded using Microsoft Autopilot.

What is Microsoft Configuration Manager

Configuration Manager is an on-premises solution that allows managing desktops, laptops, and servers on your network or that are located and accessible on the Internet. Configuration Manager is also cloud-aware as it can integrate with Azure Active Directory Defender ATP, and other Microsoft cloud services. What can you do with Configuration Manager?

  • Deploy apps
  • Update software
  • Update operating systems
  • Monitor compliance, and act on remediation tasks in real-time

What is Microsoft Co-Management?

Co-management is one of the ways to attach your on-premises Configuration Manager deployments to Microsoft 365. This allows adding other features to your deployment, such as Conditional Access. This allows parallel management of your Windows 10 devices using both Configuration Manager and Microsoft Intune. Windows 10 devices that have the configuration manager agent installed and are enrolled into Microsoft Intune benefit from both services.

Join Windows 10 Azure AD step-by-step

In the join Windows 10 Azure AD step-by-step walkthrough below, we will look at the process to manually join a Windows 10 workstation to Azure AD. This process is similar to joining a workstation to an on-premises domain. Below are screenshots taken from a Windows 10 20H2 workstation after installation.

First, you want to select Set up for an organization.

Choosing setup for an organization
Choosing setup for an organization

Use your organization account from Office 365 or Microsoft 365.

Entering your office 365 or microsoft 365 account for enrolling the workstation in the organization
Entering your office 365 or microsoft 365 account for enrolling the workstation in the organization

Enter the password for your cloud account.

Enter your office 365 or microsoft 365 account password
Enter your office 365 or microsoft 365 account password

Policies are in place that require additional authentication factors are configured for end-user access.

Setup additional account security verification
Setup additional account security verification

Microsoft directs you to download Microsoft Authenticator. However, you can also use other authenticator apps and these work just fine.

Beginning the configuration of the microsoft authenticator verification method
Beginning the configuration of the microsoft authenticator verification method

Below, after downloading the Microsoft Authenticator app, select to add a Work or school account.

Setting up your account on your phone with the microsoft authenticator app
Setting up your account on your phone with the microsoft authenticator app

Scan the barcode presented on-screen which automatically adds the account into Microsoft Authenticator.

Scan the qr code for configuring your microsoft authenticator app automatically
Scan the qr code for configuring your microsoft authenticator app automatically

Microsoft sends a test push message to your mobile device authenticator app.

Microsoft sends a test push notification to the microsoft authenticator app
Microsoft sends a test push notification to the microsoft authenticator app

Notification approval is reflected on the setup screen in Windows 10.

The notification is approved from the microsoft authenticator app
The notification is approved from the microsoft authenticator app

The setup and configuration of the sign-in method completes with the Microsoft Authenticator setup.

Microsoft authenticator is successfully configured
Microsoft authenticator is successfully configured

You are next prompted to setup Windows Hello.

Finalizing setup with windows hello
Finalizing setup with windows hello

Add a PIN for Windows Hello authentication.

Setting up a security pin
Setting up a security pin

After configuring the PIN, the process to join Windows 10 Azure AD is completed.

Setup of the windows 10 workstation attached to office 365 or microsoft 365 is complete
Setup of the windows 10 workstation attached to office 365 or microsoft 365 is complete

After stepping through the configuration of the organization account with my Microsoft 365 users, navigating to Azure Active Directory shows the workstations joined to Azure AD as well as managed by Microsoft Intune MDM.

Viewing azure ad joined devices in azure active directory
Viewing azure ad joined devices in azure active directory

Join Windows 10 to Azure AD after setup

What if you have already configured and setup your Windows 10 machine? How do you join Azure AD after setup? This is a simple process of navigating to Windows 10 settings > Accounts > Access work or school > Connect. You can also see which organization you are already connected to if joined during setup.

Join windows 10 to azure ad after setup
Join windows 10 to azure ad after setup

Wrapping Up

The process to join Windows 10 Azure AD is fairly straightforward and involves using your Office 365 or Microsoft 365 account as the organization account used to configure Windows 10. It will involve setting up authentication factors during the enrollment if you have not already done this with your organization account. You can also join Windows 10 Azure AD after setup by visiting the account settings in Windows 10.

Subscribe to VirtualizationHowto via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.