In this post I will cover how to join a Windows 10 machine to Azure AD. Keep in mind that only Windows 10 1511 and newer releases are supported. Adding a machine to Azure AD has its benefits. Some corporations have contractors who only require access to applications that can be housed in Azure. The key point is that contractors don't need access to the corporate domain and can be isolated to only the resources they require, which Azure is great for hosting. This is the current scenario I have configured:
- Lab domain
- Utilizing Azure AD Connect
- Device join allowed in the Azure portal
- Lab domain added in Azure AD and synced with Azure AD Connect
In this step I'm selecting Join Azure.
Next I will enter a global administrator account. It can be a different account, but for this example I'm choosing the admin of my lab domain.
It takes a few minutes to get the device ready.
On devices with a TPM chip you can set a PIN. It will use MFA to validate via text, email or phone call.
This is the next step, adding a PIN.
After PIN validation I wanted to see what domain the machine was on. I triggered this error to show I'm in Azure AD.
Now that we have validated that the Windows 10 machine has joined Azure AD, let's go view it.
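The join state can also be checked from the command line instead of from an error dialog. The following is an added example, not part of the original post: it parses the output of `dsregcmd /status` and reports whether the machine is joined to Azure AD only. The field names (`AzureAdJoined`, `DomainJoined`, `TenantName`, `TpmProtected`) are assumed to match what your Windows build prints, and the function names and sample output are constructed for illustration.

```powershell
# Added example. Parses "Key : Value" lines as printed by `dsregcmd /status`.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Lines of interest look like "        AzureAdJoined : YES"
        if ($line -match '^\s*(?<key>[A-Za-z][A-Za-z0-9]*)\s*:\s*(?<value>.*\S)\s*$') {
            $state[$Matches['key']] = $Matches['value']
        }
    }
    return $state
}

# Contractor scenario from the post: joined to Azure AD, not to the corporate domain.
function Test-AzureAdOnlyJoin {
    param([hashtable]$State)
    return ($State['AzureAdJoined'] -eq 'YES') -and ($State['DomainJoined'] -ne 'YES')
}

# Constructed sample output, used only when dsregcmd.exe is not available.
# Field names are an assumption and may differ between Windows builds.
$sample = @(
    '+----------------------------------------------------------------------+',
    '| Device State                                                         |',
    '+----------------------------------------------------------------------+',
    '',
    '        AzureAdJoined : YES',
    '     EnterpriseJoined : NO',
    '         DomainJoined : NO',
    '         TpmProtected : YES',
    '           TenantName : Lab Tenant (constructed)'
)

# Prefer live output from the machine; fall back to the sample for offline runs.
$cmd   = Get-Command dsregcmd.exe -ErrorAction SilentlyContinue
$lines = if ($cmd) { & $cmd.Source /status } else { $sample }
$state = ConvertFrom-DsregStatus -Lines $lines

[pscustomobject]@{
    AzureAdJoined = $state['AzureAdJoined']
    DomainJoined  = $state['DomainJoined']
    TenantName    = $state['TenantName']
    TpmProtected  = $state['TpmProtected']
    AzureAdOnly   = Test-AzureAdOnlyJoin -State $state
}
```

A machine set up as in this post should report `AzureAdOnly` as `True`; a value of `False` means it is either not joined to Azure AD or is also joined to an on-premises domain.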
From the Azure Administrator portal, you can view, block, and unblock devices. A device that is blocked will no longer have access to applications that are configured to allow only registered devices.
- Log on to the Microsoft Azure Portal as Administrator.
- On the left pane, select Active Directory.
- Select your directory.
- Select the Users tab. Then select a user to view their devices.
- Select the Devices tab.
- Select Registered Devices from the drop-down menu.
- Here you can view, block, or unblock the user's registered devices.