There are many amazing features in Windows 10, but the one that got me most is Azure AD Join.
So in this post I’ll explain how to join a Windows 10 device to Azure AD.
You need to set up Azure AD first (or you can use the Default Directory).
In the Azure portal, select + (new).
The next step is to select APP SERVICES and then ACTIVE DIRECTORY.
Then select DIRECTORY and CUSTOM CREATE.
A new window pops up. Here you need to choose whether to create a new directory or use an existing one, and provide a name for the domain (the name of the service, used only in the portal) and a domain name (the name users will use to connect to Azure AD; it must be unique). You must also select a region.
In the portal, select the AD you created and go to the CONFIGURE tab.
Go to the devices section, where you have a few options to set. You can set the maximum number of devices that a user can join to Azure AD. You can set MFA and whether users can workplace join devices. The option you must enable is that users may Azure AD join devices. If you set it to SELECTED, you will be able to select the users or groups that are allowed to join devices.
After this is set, go to the USERS tab and click ADD USER.
A new window pops up and you need to provide a username. On the next screen you must enter some user details such as first name, last name, display name and role. You can also enable MFA here.
After clicking the CREATE button you receive a password, which you can also email to your user.
The user account is now created, and the next step is to go to the Windows 10 device.
Click Start and then Settings.
On the Settings screen, select ‘System’.
On this screen, select ‘About’ and then ‘Join Azure AD’.
Click ‘Next’, enter the username and password and click ‘Sign in’.
It will ask you to replace the generated password, so enter the old password (1) and the new one (2, 3).
Before the final step, it will ask you to confirm that you want to join the organization, so click ‘Join’.
This screen depends on the region you selected when creating Azure AD. Click ‘Next’, or in my case ‘Završi’, because I selected Croatia as the region.
Sign out and on the login screen select ‘Other user’. Enter the username and password and sign in.
If you enabled MFA, it will first ask you to create a PIN and provide a phone number to authenticate. If MFA is not enabled, that’s it, your device is joined to Azure AD.
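To confirm the result from the device itself, the following added example (not part of the original post) parses the output of `dsregcmd.exe /status`, the built-in Windows tool that reports device registration state, and checks that the device is joined to the directory you expect. The function names, the `ExpectedTenantName` parameter and the `Contoso` sample values are assumptions made for illustration.

```powershell
# Added example: verify the Azure AD join state reported by the device.
# Field names (AzureAdJoined, TenantName, DeviceId) are those printed by dsregcmd /status.

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Status lines look like "   AzureAdJoined : YES"; headers and rulers are skipped.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-AzureAdJoin {
    param(
        [string[]]$Lines,
        [string]$ExpectedTenantName   # hypothetical parameter: the directory you created
    )
    $s = ConvertFrom-DsregStatus -Lines $Lines
    $problems = @()
    if ($s['AzureAdJoined'] -ne 'YES') {
        $problems += 'Device does not report AzureAdJoined : YES'
    }
    if ($ExpectedTenantName -and $s['TenantName'] -ne $ExpectedTenantName) {
        $problems += "Joined to tenant '$($s['TenantName'])', expected '$ExpectedTenantName'"
    }
    [pscustomobject]@{
        Joined     = ($problems.Count -eq 0)
        TenantName = $s['TenantName']
        DeviceId   = $s['DeviceId']
        Problems   = $problems
    }
}

# Constructed sample output (placeholder values, not taken from a real device).
$sample = @(
    '+----------------------------------------------------------------------+'
    '| Device State                                                         |'
    '+----------------------------------------------------------------------+'
    '        AzureAdJoined : YES'
    '         DomainJoined : NO'
    '             DeviceId : 00000000-0000-0000-0000-000000000000'
    '           TenantName : Contoso'
)
Test-AzureAdJoin -Lines $sample -ExpectedTenantName 'Contoso'

# On a real device, feed it the live output instead:
# Test-AzureAdJoin -Lines (dsregcmd.exe /status) -ExpectedTenantName 'Contoso'
```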
I’ll cover the options available after joining a device to Azure AD in another post.
Until then, I hope you liked my post and that it will help someone.