In this post, let’s learn how to join Windows 10 machines to a domain or Azure AD. You can also check the Windows 11 Azure AD Join step-by-step guide – Windows 10 Azure AD Join – Manual Process Explained.
Windows 10 RTM is now available for download; more details are here. I have loads of Windows 10 related posts here. In this post, we’ll cover the process of Windows 10 AAD join and classic domain join.
How to Join Windows 10 Machines to Domain or Azure AD?
Domain Join Settings
There are two ways to start the Azure AD join process on Windows 10. First, you can go to Settings –> Accounts –> Work Access and click on the Join or Leave Azure AD link. Another way is to go to Settings –> System –> About and join the Windows 10 machine to Azure AD from there.
When you click on the link (Join or Leave Azure AD) mentioned in the above step, it takes you to the Windows 10 Settings –> System –> About page. From the About page, you can change the Windows 10 machine name before joining Azure AD by clicking on Rename PC (Windows 10 PC). To join your organization’s Azure AD, click on the Join Azure AD button.
On this page, you need to provide a Work or School ID used for Office 365 or any other Microsoft cloud or business solutions. I’ve entered my cloud ID (Azure AD user ID) and password and clicked on the Sign-in button.
When your organization has enabled multi-factor authentication (MFA) on Azure AD, then you will receive a verification call on your mobile number, and you need to answer that call and press # to complete the authentication process.
If MFA is not enabled, the Azure AD join wizard will ask you to check and confirm your organization’s name and details. Once you are sure about the organization Azure AD domain you want to join, click on the JOIN button on the screen below.
The Windows 10 machine will connect to Azure AD and complete the authentication and AAD join process. This may take some time, depending on your internet speed.
All finished now. 🙂 Windows 10 machine has joined Azure AD.
Click on Finish to complete the process. You can have auto-enrollment enabled for Microsoft Intune when machines join Azure AD; that way, there is no need to search the Windows Store for the Microsoft Intune company portal, install it and enroll 🙂
To confirm Azure AD join, you can go to Settings –> Accounts –> Work Access and confirm whether your organization name is showing up there or not. You can click on that button and check the Azure AD sync details to see whether policies are getting synced or not.
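To check the same thing from a command line instead of the Settings page, the following added example (not part of the original post) parses the output of the built-in dsregcmd /status command and reports whether the device is Azure AD joined, hybrid joined, domain joined or not joined. The function name ConvertFrom-DsregStatus is hypothetical and the sample output is constructed; it assumes a Windows 10 build that ships dsregcmd.exe.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` output.
function ConvertFrom-DsregStatus {   # hypothetical helper name
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Fields look like "    AzureAdJoined : YES"; banner and blank lines do not match.
        if ($line -match '^\s*(?<key>\w+)\s*:\s*(?<value>\S.*?)\s*$') {
            $state[$Matches['key']] = $Matches['value']
        }
    }
    $aad = $state['AzureAdJoined'] -eq 'YES'
    $ad  = $state['DomainJoined']  -eq 'YES'
    if ($aad -and $ad) { $joinType = 'Hybrid Azure AD joined' }
    elseif ($aad)      { $joinType = 'Azure AD joined' }
    elseif ($ad)       { $joinType = 'Domain joined (on-premises AD only)' }
    else               { $joinType = 'Not joined' }
    [pscustomobject]@{
        JoinType   = $joinType
        TenantName = $state['TenantName']
        DeviceId   = $state['DeviceId']
        MdmUrl     = $state['MdmUrl']   # $null when the field is absent or blank
    }
}

# Constructed sample output (placeholder values, not from a real tenant).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

        AzureAdJoined : YES
         DomainJoined : NO

+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+

           TenantName : Contoso (placeholder)
             DeviceId : 00000000-0000-0000-0000-000000000000
               MdmUrl : https://mdm.example.invalid/enroll
'@ -split "`r?`n"

ConvertFrom-DsregStatus -Lines $sample   # JoinType: Azure AD joined

# On a real machine, feed it the live output instead:
# ConvertFrom-DsregStatus -Lines (dsregcmd /status)
```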
How to enroll Windows 10 machine to Microsoft Intune?
When you have set auto-enrollment for your organization’s AAD tenant, all the devices that are joined to AAD will automatically be enrolled in Microsoft Intune.
You don’t have to separately install the Intune company portal from the Windows Store and enroll the devices. As you can see in the following screen capture, my Surface is enrolled in Intune automatically 🙂 and the device type is detected as Mobile. More details about auto-enrollment features are explained in the post here.
How to Perform Windows 10 Domain Join?
Domain join is the old classical way of joining your Windows 10 machine to your work domain. Go to Control Panel – System Properties and click on Change settings.
On the System Properties window, click on Network ID to join the Windows 10 machine to a domain. The Windows 10 domain wizard has changed a bit. On the second window, Join a Domain or Workplace, select one of the options that describes your network.
Either select “This computer is part of a business network I use to connect to another computer” or “This is a home computer; it’s not part of a business network”.
Select the 1st option if you want to join the Windows 10 machine to a domain. Select the 2nd option if you want the Windows 10 machine for the workplace.
How to Rename Windows 10 machine and How to perform Domain Join for Windows 10 machine
Anoop is a Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…
23 thoughts on “How to Join Windows 10 Machines to Domain or Azure AD”
How do you setup auto enrollment for Intune?
It’s there in the technet blog link provided at the bottom of the post
auto-MDM enrollment with Azure Active Directory (AAD) and Microsoft Intune more details 🙂 http://wp.me/p6lWkQ-3Q
I’ve joined AD on some devices and had to reset one of them, so now the connection is lost… Only problem is: this happened to be the only user on this device, I can’t log on any more… Any ideas about what I could do??
Please log in as local Admin, disconnect, and restart the PC, and you are all set.
I do not have the Join Azure AD button on my Windows 10 Enterprise and it is driving me crazy
Anoop, I have the same issue that Greg has mentioned above. Is there a solution to this or do we join using the classical way of joining the domain?
Are you using the latest version of Windows 10? 1607? Have you already connected to WiFi… if you skipped the WiFi option then the AAD screen won’t come up…
I may have found out the issue. I tried to login with the ID I have in our Azure AD account and told me there was a problem. I have not setup the MDM yet and it tells me that in the error on why I’m not connecting. If after I get everything setup and have an issue, I’ll reach out. Thank you.
Nice Article. How it help to developer in terms of balance the day to day life.
This article was helpful but do have a challenge for you. When I set up a new machine recently I joined it to an Azure AD, but now actually need to join it to a domain. It does not appear the two can co-exist as when I try and join it to a domain, it wants me to disconnect from the Azure AD. However, when I try to disconnect from the Azure AD it wants alternate account info on the local machine. So would love some ideas as to how to get it connected to the domain and get it off Azure AD (or have both).
Thanks in advance!
Jeremy – I have not seen any requirement yet to have a device joined to On Prem Domain as well as Azure AD. Why do you think you need both?
If you have Azure AD connect syncing all identities from on prem AD to Azure AD, then that on prem AD is called Hybrid AD.
Hybrid AD join is similar to both Azure AD join as well as domain join. But it’s not same. From a functionality perspective, you can perform Azure AD authentication with Hybrid Domain join machines.
Yeah it’s normal that you need to have local account before disconnecting from Azure AD otherwise you won’t be able to login to Windows 10 machine.
Does that make sense?
I have had a very mixed experience. One machine presented the option to join to Azure AD on the build from OEM 10 Pro boot up. The problem was that this machine could see our entire domain. Yet our Domain could not see this Azure AD connected machine. My second laptop did present an option to join Azure AD out of the box. I eventually found a link in the settings to join. However, the machine never changed from OEM Pro to Enterprise Subscription. I hope that you can shed some light on this.
Hi David – Can you explain a bit about “the machine could see our entire domain” and “Domain could not see this Azure AD connected machine”. What does that mean? You can’t see the Windows 10 machine in Azure AD portal or You can’t see the machine record in On Prem Domain? Or is this related to something else. There are a couple of things here. 1. Do you have Hybrid Domain or AD (more details about the Hybrid AD in the above comment?) 2. Did you assign Windows 10 enterprise license to that user from Azure AD? This is required to get the activation and conversion from Pro to Enterprise SKU of Windows.
I have a question: all the enrollment points back to OOBE or adding account manually. I have domain joined machines, all Windows 10 updated to latest OS; how can I enroll all the devices to Intune?
Domain join machine can be enrolled using +connect option
So meaning this has to be done on individual machines, no other option to mass register 500+ machines?
Group policy as I mentioned in the post
Is there a way to manually join Azure and Local Domain? I don’t want to use Autopilot right now.
Can a laptop be joined to local AD as well as Azure AD? The purpose is to push group policy from local AD and windows pilot from Intune. Is this possible?
“This article was helpful but do have a challenge for you. When I set up a new machine recently I joined it to an Azure AD, but now actually need to join it to a domain. It does not appear the two can co-exist as when I try and join it to a domain, it wants me to disconnect from the Azure AD. However, when I try to disconnect from the Azure AD it wants alternate account info on the local machine. So would love some ideas as to how to get it connected to the domain and get it off Azure AD (or have both).”
And Anoop gave an incomplete answer – Anoop: You are assuming only 2 scenarios: 1. Hybrid & 2. Azure AD connected/joined; but this is not the only case! Please don’t assume. Many of us fall into the 3rd category: NO ON-Prem at all. In other words, “Pure Azure AD,” with no hybrid, no synch, etc. THIS is the scenario many people are overlooking! THIS is the one we need to solve! We have ONLY Azure AD connected/joined workstations, but we need them to be “true domain-joined” directly to our Azure AD, but NOT via Hybrid (we have no on-premise); and NOT via “Azure AD Join.” We need the old-fashioned “direct-join to the AD domain,” which is the 3rd scenario and is possible. We have a number of workstations which were Azure AD-Joined; but we need to convert them to “direct domain join;” i.e., Properties, Network, “Join a domain.” And as Jeremy mentioned, this seems to be a problem, IF your workstations already are Azure AD-Connected/joined – it’s kind of a sticky situation. We have ONLY the Azure AD DS; but we need to ensure our workstations are directly joined to the Azure AD domain; so that we can see them on the AD DS OUs, and so that we can enforce group policy, etc. I know there are certain advantages to remaining Azure AD-Connected/Joined; but that presents other issues; and in that scenario, the workstation devices show up ONLY in Azure AD Portal; and not in any OUs in Active Directory Users and Computers. So, we have to take workstations, connect to VPN, then directly “join a domain;” which again, is that 3rd option that everyone seems to ignore.
[email protected] wrote
You are assuming only 2 scenarios: 1. Hybrid & 2. Azure AD connected/joined; but this is not the only case! Please don’t assume. Many of us fall into the 3rd category: NO ON-Prem at all. In other words, “Pure Azure AD,” with no hybrid, no synch, etc.
There are two scenarios as per Microsoft documentation. Azure AD Join might have two categories:
Azure AD Join without any on-Prem AD. This situation is not sticky from device management perspective – this is the path many big organizations are still choosing because of several reasons. One of them is App remediation efforts and delay.
Azure AD Join with on-Prem AD