In this post, we will learn more about how to Join Windows 10 Machines to a Domain or Azure AD. You can also check the Windows 11 Azure AD Join step-by-step guide: Windows 10 Azure AD Join—Manual Process Explained.
Windows 10 RTM is now available for download; more details are here. I’ve loads of Windows 10-related posts here. This post will cover the Windows 10 AAD join and Classic Domain Join process.
In this post, you will find comprehensive details on how to join Windows 10 machines to a domain or Azure AD, whether you are integrating your devices into a traditional domain environment or purchasing Azure Active Directory capabilities.
This guide provides step-by-step instructions to ensure an easy and efficient process. By following these guidelines, you can simplify your setup and improve the management and security of your Windows 10 devices.
Video – How to Join Windows 10 Machines to Domain or Azure AD
In this video, you will find details on all the Windows 10 initial setup options. These options are crucial as they determine how your Windows 10 machine is configured.
One key aspect is deciding who owns the Windows 10 machine. Depending on your choice, the setup process will vary, impacting your device’s overall configuration and management.
Domain Join Settings
There are two ways to join Azure AD with Windows 10. First, go to Settings –> Accounts –> Work Access and click the Join or Leave Azure AD link. Another way is to go to Settings –> System –> About and join a Windows 10 machine to Azure AD.
When you click on the link (Join or Leave Azure AD) mentioned above, it will take you to Windows 10 Settings–>System–>About page. You can change the Windows 10 machine name from the About page before joining Azure AD by clicking Rename PC (Windows 10 PC).
- Click the Join Azure AD button to enter your organization’s Azure AD.
System | Details |
---|---|
Edition | Windows 10 Enterprise |
Product ID | 00329-00000-00003-AA066 |
Processor | Intel(R) Atom(TM) x7-Z8700 CPU @ 1.60GHz 1.60 GHz |
Installed RAM | 4.00 GB |
System type | 64-bit operating system, x64-based processor |
Pen and touch | Pen and full Windows touch support with 10 touchpoints |
On this page, you must provide a Work or School ID for Office 365 or any other Microsoft cloud or business solutions. I entered my cloud ID (Azure AD user ID) and password and clicked the Sign-in button.
When your organization has enabled multi-factor authentication (MFA) on Azure AD, you will receive a verification call on your mobile number. Answer the call and press # to complete the authentication process.
If MFA is not enabled, the Azure AD join wizard will ask you to check and confirm your organization’s name and details. Once you are sure about the organization’s Azure AD domain you want to join, click on the JOIN button on the screen below.
The Windows 10 machine will connect to Azure AD and complete the authentication and AAD join process. Depending on your internet speed, this may take some time.
It’s all finished now. 🙂 The Windows 10 machine has joined Azure AD. Click Finish to complete the process. You can have auto-enrollment enabled for Microsoft Intune when machines join Azure AD; that way, there is no need to search the Windows Store for the Microsoft Intune company portal, install it, and enroll the device 🙂
To confirm your Azure AD join, go to Settings –> Accounts –> Work Access and confirm whether your organization name shows up there. Then, click on that button and check the Azure AD sync details to see whether policies are getting synced.
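The same confirmation can be scripted with the built-in `dsregcmd /status` command, which also separates the Azure AD joined, hybrid, and domain-only states. This is an added example, not code from the original post; the function name `Get-JoinState`, the sample text, and the use of a populated `MdmUrl` as a sign that MDM auto-enrollment is configured are assumptions of the example.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` text.
function Get-JoinState {
    param(
        # Lines of `dsregcmd /status` output; by default the command is run locally.
        [string[]]$StatusText = (dsregcmd.exe /status)
    )

    # Collect every "Key : Value" line; banner and section-header lines do not match.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad = $fields['AzureAdJoined']   -eq 'YES'
    $ad  = $fields['DomainJoined']    -eq 'YES'
    $wpj = $fields['WorkplaceJoined'] -eq 'YES'

    # Both flags set means hybrid join; a device is never "both" in any other sense.
    if ($aad -and $ad) { $state = 'Hybrid Azure AD joined' }
    elseif ($aad)      { $state = 'Azure AD joined' }
    elseif ($ad)       { $state = 'On-premises domain joined' }
    elseif ($wpj)      { $state = 'Azure AD registered (workplace join)' }
    else               { $state = 'Not joined' }

    [pscustomobject]@{
        State         = $state
        TenantName    = $fields['TenantName']
        # Assumption of this example: a populated MdmUrl indicates that the
        # tenant handed the device an MDM enrollment endpoint at join time.
        MdmConfigured = -not [string]::IsNullOrWhiteSpace($fields['MdmUrl'])
    }
}

# Constructed sample of the relevant output lines (not captured from a real device).
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                TenantName : Contoso (constructed)
                    MdmUrl : https://mdm.example.invalid/enroll
           WorkplaceJoined : NO
'@ -split '\r?\n'

Get-JoinState -StatusText $sample   # offline run against the constructed sample
# Get-JoinState                     # on a real device, parses the live command output
```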
How Do You Enroll a Windows 10 Machine in Microsoft Intune?
When you set auto-enrollment for your organization’s AAD tenant, all the devices joined to AAD will automatically be enrolled in Microsoft Intune.
You don’t have to install the Intune company portal separately from the Windows store to enroll the devices. As you can see in the following screen capture, my Surface is enrolled to Intune automatically, and the device type is detected as Mobile. The post here explains more details about auto-enrollment features.
How to Perform Windows 10 Domain Join?
Domain join is the old, classic way of joining your Windows 10 machine to your work domain. Go to Control Panel – System Properties and click on Change settings.
On the system properties window, click on Network ID to join a Windows 10 machine to a domain. The Windows 10 domain wizard has been changed a bit. In the second window, enter a domain or workplace and select one of the options that describes your network.
Select “This computer is part of a business network I use to connect to another computer” or “This is a home computer; it’s not part of a business network”.
Select the 1st option if you want to join a Windows 10 machine to a domain. Select the 2nd option if you wish to use a Windows 10 machine for the workplace.
Resources
Windows 10 is the Latest Version Of Client Operating System From Microsoft (anoopcnair.com)
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
How do you setup auto enrollment for Intune?
It’s there in the technet blog link provided at the bottom of the post
auto-MDM enrollment with Azure Active Directory (AAD) and Microsoft Intune more details 🙂 http://wp.me/p6lWkQ-3Q
I’ve joined AD on some devices and had to reset one of them, so now the connection is lost… Only problem is: this happened to be the only user on this device, I can’t log on any more… Any ideas about what I could do??
Please log in as local Admin, disconnect, and restart the PC; you are all set.
I do not have the Join Azure AD button on my Windows 10 Enterprise and it is driving me crazy
Anoop, I have the same issue that Greg has mentioned above. Is there a solution to this or do we join using the classical way of joining the domain ?
Are you using the latest version of Windows 10? 1607? Have you already connected to WiFi… if you skipped the WiFi option then the AAD screen won’t come up…
I may have found out the issue. I tried to login with the ID I have in our Azure AD account and told me there was a problem. I have not setup the MDM yet and it tells me that in the error on why I’m not connecting. If after I get everything setup and have an issue, I’ll reach out. Thank you.
Nice Article. How it help to developer in terms of balance the day to day life.
Anoop,
This article was helpful but do have a challenge for you. When I set up a new machine recently I joined it to an Azure AD, but now actually need to join it to a domain. It does not appear the two can co-exist as when I try and join it to a domain, it wants me to disconnect from the Azure AD. However, when I try to disconnect from the Azure AD it wants alternate account info on the local machine. So would love some ideas as to how to get it connected to the domain and get it off Azure AD (or have both).
Thanks in advance!
Jeremy – I have not seen any requirement yet to have a device joined to On Prem Domain as well as Azure AD. Why do you think you need both?
If you have Azure AD connect syncing all identities from on prem AD to Azure AD, then that on prem AD is called Hybrid AD.
Hybrid AD join is similar to both Azure AD join as well as domain join. But it’s not same. From a functionality perspective, you can perform Azure AD authentication with Hybrid Domain join machines.
Yeah it’s normal that you need to have local account before disconnecting from Azure AD otherwise you won’t be able to login to Windows 10 machine.
Does that make sense?
Hello Anoop,
I have had a very mixed experience. One machine presented the option to join to Azure AD on the build from OEM 10 Pro boot up. The problem was that this machine could see our entire domain. Yet our Domain could not see this Azure AD connected machine. My second laptop did present an option to join Azure AD out of the box. I eventually found a link in the settings to join. However, the machine never changed from OEM Pro to Enterprise Subscription. I hope that you can shed some light on this.
Thanks,
David
Hi David – Can you explain a bit about “the machine could see our entire domain” and “Domain could not see this Azure AD connected machine”? What does that mean? You can’t see the Windows 10 machine in the Azure AD portal, or you can’t see the machine record in the On Prem Domain? Or is this related to something else? There are a couple of things here. 1. Do you have Hybrid Domain or AD (more details about the Hybrid AD in the above comment)? 2. Did you assign a Windows 10 enterprise license to that user from Azure AD? This is required to get the activation and conversion from Pro to Enterprise SKU of Windows.
Hi Anoop
I have a question: all the enrollment points back to OOBE or adding an account manually. I have domain joined machines, all Windows 10 updated to the latest OS; how can I enroll all the devices to Intune?
thanks
Dalveer
Domain join machine can be enrolled using +connect option
So meaning this has to be done on individual machines, no other option to mass register 500+ machines?
Group policy as I mentioned in the post
Is there a way to manually join Azure and Local Domain? I don’t want to use Autopilot right now.
https://www.anoopcnair.com/windows-10-azure-ad-join-manual-process-cyod/
Can a laptop be joined to local AD as well as Azure AD? The purpose is to push group policy from local AD and windows pilot from Intune. Is this possible?
Jeremy wrote:
“This article was helpful but do have a challenge for you. When I set up a new machine recently I joined it to an Azure AD, but now actually need to join it to a domain. It does not appear the two can co-exist as when I try and join it to a domain, it wants me to disconnect from the Azure AD. However, when I try to disconnect from the Azure AD it wants alternate account info on the local machine. So would love some ideas as to how to get it connected to the domain and get it off Azure AD (or have both).”
And Anoop gave an incomplete answer – Anoop: You are assuming only 2 scenarios: 1. Hybrid & 2. Azure AD connected/joined; but this is not the only case! Please don’t assume. Many of us fall into the 3rd category: NO ON-Prem at all. In other words, “Pure Azure AD,” with no hybrid, no synch, etc. THIS is the scenario many people are overlooking! THIS is the one we need to solve! We have ONLY Azure AD connected/joined workstations, but we need them to be “true domain-joined” directly to our Azure AD, but NOT via Hybrid (we have no on-premise); and NOT via “Azure AD Join.” We need the old-fashioned “direct-join to the AD domain,” which is the 3rd scenario and is possible. We have a number of workstations which were Azure AD-Joined; but we need to convert them to “direct domain join;” i.e., Properties, Network, “Join a domain.” And as Jeremy mentioned, this seems to be a problem, IF your workstations already are Azure AD-Connected/joined – it’s kind of a sticky situation. We have ONLY the Azure AD DS; but we need to ensure our workstations are directly joined to the Azure AD domain; so that we can see them on the AD DS OUs, and so that we can enforce group policy, etc. I know there are certain advantages to remaining Azure AD-Connected/Joined; but that presents other issues; and in that scenario, the workstation devices show up ONLY in Azure AD Portal; and not in any OUs in Active Directory Users and Computers. So, we have to take workstations, connect to VPN, then directly “join a domain;” which again, is that 3rd option that everyone seems to ignore.
[email protected] wrote
You are assuming only 2 scenarios: 1. Hybrid & 2. Azure AD connected/joined; but this is not the only case! Please don’t assume. Many of us fall into the 3rd category: NO ON-Prem at all. In other words, “Pure Azure AD,” with no hybrid, no synch, etc.
There are two scenarios as per Microsoft documentation. Azure AD Join might have two categories:
Azure AD Join without any on-Prem AD. This situation is not sticky from device management perspective – this is the path many big organizations are still choosing because of several reasons. One of them is App remediation efforts and delay.
Azure AD Join with on-Prem AD