Windows 10 Intune Enrollment -Azure AD Joined & Azure AD Registration

Azure AD Registration

Azure AD registered devices is to provide support for the Bring Your Own Device (BYOD) or mobile device scenarios. In these scenarios, a user can access your organization’s Azure Active Directory controlled resources using a personal device.

Azure AD registered devices are signed in to using a local account like a Microsoft account on a Windows 10 device, but additionally have an Azure AD account attached for access to organizational resources. Access to resources in the organization can be further limited based on that Azure AD account and Conditional Access policies applied to the device identity.

Azure AD joined

Azure AD devices is for corporate owned and managed devices. These devices authenticated using corporate azure AD account. Azure AD join mainly intended for organizations that want to be cloud-first or cloud-only. Any organization can deploy Azure AD joined devices no matter the size or industry. Azure AD join works even in a hybrid environment, enabling access to both cloud and on-premises apps and resources.
Administrators can secure and further control Azure AD joined devices using Mobile Device Management (MDM). Azure AD join can be accomplished using self-service options like the Out of Box Experience (OOBE), bulk enrollment, or Windows Autopilot.

Prerequisite for Windows 10 Intune Enrollment  -Azure AD Join & Registration

  • Azure active directory & Intune subscription, setup, and configuration needs to be completed
  • Admin User needs to be created and appropriate License/access needs to be assigned for enrollment
  • Configure MDM User scope for Auto enrollment

We need to Configure MDM User scope. Specify which users’ devices should be managed by Microsoft Intune. These Windows 10 devices can automatically enroll for management with Microsoft Intune. There are three options,

  • None – MDM automatic enrollment disabled
  • Some – Select the Groups that can automatically enroll their Windows 10 devices
  • All – All users can automatically enroll their Windows 10 devices

(below is the reference screenshot, here we have selected some and User group has been added for Auto Enroll)

Join Windows 10 Device to Azure AD

Below are the manual steps to join the Windows 10 device with Azure AD

  • Login to Windows 10 with an Administrator account
  • Go to Start and click Start Menu -> Settings
  • Select Accounts > Access work or school
  • Click on Join this Device to Azure Active Directory link from Alternate Actions
  • Enter Corporate Email ID and Password
  • Click on Next to start the Azure AD registration process (Enabled Authenticator) – Enter the Authentication Code
  • Click on JOIN button from the popup Windows Make sure this is your organization.
  • Click on DONE button to Finish Windows 10 Azure AD Join process

Windows 10 Device has been joined Azure AD successfully.

We could see the Device in Azure Portal as Azure AD Joined

We could see the Device in Intune Portal as Corporate (Ownership)

Register Windows 10 Device to Azure AD

Below are the steps to register the Windows 10 BYOD (Personal) device with Azure AD

  • Login to Windows 10 with an Administrator account
  • Go to Start and click Start Menu -> Settings
  • Select Accounts > Access work or school > Connect
This image has an empty alt attribute; its file name is image-5.png
  • Enter Corporate Email ID and Password (Do not required to Select the alternate option)
  • Enter Authentication Code by Using Mobile App
  • Click on Done to complete the Azure AD registration process

Windows 10 Device has been Registered in Azure AD successfully.

We could see the Device in Azure Portal as Azure AD registered

Since this BYOD scenario, We could see the device has been automatically enrolled as Personal device in Intune Portal.

Thank You for reading this post!

Reference Link: https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join

I hope this post has given you an understanding of windows 10 Intune enrollment on AAD join and Registration scenario’s.

Published by Tamilkovan

My name is Tamil Kovan and I work as a Technical Lead at PCCW Solutions. This is my blog where I will share tips and stuff for my own on System Center related topics.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: