In previous articles I explained how to integrate on-premises Active Directory with Azure AD, so that users get an SSO experience with SaaS applications hosted in the cloud and can use services such as self-service password reset.
With Windows 10, Microsoft aligned the operating system with Azure AD to provide more of a “cloud” experience. Azure AD Join is a new feature of Windows 10 devices that lets you link a device directly to Azure AD.
Let’s look at some of the major capabilities introduced in Windows 10 to align with Azure AD.
1) Out-of-box experience and easy integration with Azure AD – when you switch on your Windows 10 device for the first time, the initial setup lets you connect to Azure AD using the Azure AD Join option. It takes a few simple steps, and if you have your Azure AD user account details you can join the device without help from the IT department.
2) Single sign-on to your SaaS apps – with Azure AD joined devices you can start using your cloud applications with SSO, whether Office 365 or other services already in the cloud.
3) Automatic enrollment with mobile device management solutions – if the organization uses an MDM solution such as Microsoft Intune, Windows 10 devices can be enrolled automatically as part of the Azure AD join.
4) Better control over fast-changing accounts – your organization may have fast-changing accounts, for example in the sales department or for interns. Sometimes these accounts cause security issues, as they may log in from remote locations. With Azure AD joined devices you can control the identities for those accounts easily, and changes to the accounts apply to the devices quickly.
Now let’s see how to connect a Windows 10 device to Azure AD.
In my demo I have an Azure AD Premium instance set up, and it has a user account called user1.
I am going to connect a PC running Windows 10 Enterprise to Azure AD using Azure AD Join.
1) Log in to the Windows 10 PC > Start > Settings
2) Then select System in the panel
3) Then select the option “About”, where you can choose the option “Join Azure AD”
4) In the next window, click Next to start the process
5) Type your Azure AD user name and password and click Sign in
6) Since this is a new account, it asks you to set a password. Continue by clicking “Sign in”
7) The system confirms the account and organization info. Click Join to continue
8) At the end, the system confirms that the device is now joined to Azure AD
9) Now let’s try to log in with the Azure AD account
10) Boom! I am in with the Azure AD user account
11) If you have MFA enabled, it will ask you to set up MFA on first login
12) In the Azure portal I can see the device is registered under the user too
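Once the join completes, it is worth confirming the device state from the machine itself rather than only from the portal. The following PowerShell is an added example, not code from the original post: it parses the "Key : Value" rows printed by dsregcmd.exe /status and reports whether the device is Azure AD joined, whether a tenant MDM URL is present (the prerequisite for the automatic enrollment mentioned above) and whether the device key is TPM protected. It assumes dsregcmd.exe is available on the device (it ships with Windows 10) and that the keys AzureAdJoined, DomainJoined, TenantName, MdmUrl and TpmProtected appear in its output; the sample output embedded below is constructed with placeholder values.

```powershell
# Added example, not from the original post: verify the join state of a device
# after the steps above using the output of dsregcmd.exe /status.
# Assumes dsregcmd.exe is available on the device (it ships with Windows 10)
# and that the checked keys appear as "Key : Value" rows in its output.

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # rows look like "   AzureAdJoined : YES"; box borders and headers are skipped
        if ($line -match '^\s*([A-Za-z][\w ]*?)\s*:\s*(.*)$') {
            $state[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $state
}

function Test-AzureAdJoin {
    param([hashtable]$State)
    [pscustomobject]@{
        AzureAdJoined = ($State['AzureAdJoined'] -eq 'YES')
        DomainJoined  = ($State['DomainJoined'] -eq 'YES')
        Tenant        = $State['TenantName']
        # a tenant MdmUrl is what drives the automatic MDM enrollment described above
        MdmConfigured = -not [string]::IsNullOrWhiteSpace($State['MdmUrl'])
        # device key held in the TPM rather than in software
        TpmProtected  = ($State['TpmProtected'] -eq 'YES')
    }
}

# Constructed sample output (placeholder values) so the parser can be exercised offline
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : NO
              TpmProtected : YES
                TenantName : ExampleTenant
                    MdmUrl : https://mdm.example.invalid/enroll
'@ -split "`r?`n"

Test-AzureAdJoin -State (ConvertFrom-DsregStatus -Lines $sample) | Format-List

# Live check on the device itself
$live = Test-AzureAdJoin -State (ConvertFrom-DsregStatus -Lines (& dsregcmd.exe /status))
if (-not $live.AzureAdJoined) { Write-Warning 'Device is not Azure AD joined.' }
if (-not $live.MdmConfigured) { Write-Warning 'No MdmUrl: automatic MDM enrollment will not occur.' }
if (-not $live.TpmProtected)  { Write-Warning 'Device key is not TPM protected.' }
```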
In this post I explained what Azure AD Join is and how it can be used with Windows 10 devices. If you have any questions, feel free to contact me at rebeladm@live.com
Great post! Any idea if one can force Azure AD joined computers to require MFA for each login? Best I can tell, it is only required on the initial join.