Windows 10 Azure AD Join Manual Process – CYOD


I’ve explained the manual process of Windows 10 Intune enrollment for the BYOD scenario in a previous post. In this post, you will see how to manually join a Windows 10 1809 device to Azure AD. Yes, you can perform Windows 10 Azure AD join manually.

Helpful Post – Learn Intune Device Management (Intune Starter Kit)

NOTE! – Manual Intune enrollment process is explained in my previous post https://www.anoopcnair.com/windows-10-intune-enrollment-manual-process/

Prerequisite Checks – Before Windows 10 Azure AD Join

The following are the prerequisites you should check before trying to join a Windows 10 device to Azure AD and enroll it into Intune. The Windows 10 Azure AD join scenario is used mostly for CYOD scenarios.

  • Intune, Azure AD subscription, setup, and configuration should be completed
  • An EMS, M365, or any other relevant license should be assigned to the corporate ID which you are going to use for Windows 10 Intune enrollment
  • The user might need administrator access to enroll the Windows 10 device into Intune
  • Register the CNAME if you are using a custom domain (not required if you are using .ONMICROSOFT.com ID as I showed in this post and video)

How to Join Azure AD from Windows 10 Device

In this section, you are going to see how to join a Windows 10 device to Azure AD. In this video guide, you will see how to perform Windows 10 Azure AD join and Intune enrollment.

Check out the following link if you are wondering what is the difference between Azure AD Registration & Azure AD join.

The following steps are the manual process to join a Windows 10 1809 device to Azure AD.

NOTE! – I would recommend following Windows 10 OOBE or Windows Autopilot process for more sophisticated Windows 10 AAD Join process for your organization.

  • Login to Windows 10 with an Administrator account
  • Go to Start and click Start Menu -> Settings
  • Select Accounts > Access work or school
  • Click on the "Join this device to Azure Active Directory" link under Alternate actions
  • Enter Corporate Email ID and Password
  • Click on Next to start the Azure AD registration process
  • Click on the JOIN button in the popup window titled "Make sure this is your organization"
  • Click on the DONE button to finish the Windows 10 Azure AD Join process

How to Enroll Windows 10 Devices Automatically into Intune?

You can manually enroll Windows 10 devices into Intune using the method which I explained in my previous blog post here.

I have explained the Windows 10 automatic Intune enrollment process in this video tutorial. Automatic Intune enrollment is set up from the Azure portal. I have a more detailed process in the previous post here.

NOTE! – You might need to have global admin/appropriate access to set this Intune auto-enrollment up from Azure portal.

  • Login to Azure portal
  • Go to Azure AD Blade
  • Select the Mobility (MDM and MAM)
  • On the Applications blade, you would be able to see Microsoft Intune. Click on Microsoft Intune
  • Select any one of the three (Windows 10 Auto Enrollment) options from the configurations blade
    • None – Default – If this option is selected, then Windows 10 Intune Auto Enrollment is DISABLED
    • Some – If this option is selected, then Windows 10 Intune Auto Enrollment is allowed only for a group of Azure AD users
    • All – If this option is selected, then Windows 10 Intune Auto Enrollment is allowed for All Azure AD users in your tenant
  • Click on Save button to complete the process

NOTE! – You can also use Group Policy (Auto MDM Enrollment with AAD Token) to enroll Windows 10 1709 or later Windows 10 Devices to Microsoft Intune. 

Video – Windows 10 Intune Manual Enrollment Process

I have explained the manual Intune enrollment process in my previous blog post here. I have shown the same in the video below.

Results – Windows 10 Azure AD Join and Intune Enrollment

You can check the status of your Windows 10 Azure AD join and Intune Manual enrollment from two places.

User View

The first place to look at the results is the Windows 10 Settings page.

Go to Settings > Accounts > Access work or school. Check whether you can see that the Windows 10 device is Azure AD joined and also Intune enrolled. The following are the two connections I could see.

  • Connected to Default Directory MDM (Intune Enrolled)
  • Connected to Default Directory’s Azure AD (Windows 10 Azure AD Joined)

Admin View

The second place to look at the results of Windows 10 Azure AD Join is the Azure AD portal – Users or Devices pane or Intune blade.

Check whether you (as admin) can see that the device is Azure AD joined and MDM enrolled (Intune managed).
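
The device-side check can also be scripted. The following PowerShell is an added example, not from the original post: it parses the output of `dsregcmd /status` (built into Windows 10) and reports whether the device is Azure AD joined, only Azure AD registered, or hybrid joined, and whether the tenant supplied an MDM enrollment URL. The function names and the embedded sample output are constructed for illustration.

```powershell
# Added example, not from the original post.
# Constructed sample of `dsregcmd /status` output (tenant ID is a placeholder).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
                TenantName : Default Directory
                  TenantId : 00000000-0000-0000-0000-000000000000
                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
           WorkplaceJoined : NO
'@

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Field lines look like "   AzureAdJoined : YES"; banners and empty values do not match.
        if ($line -match '^\s*(?<key>[A-Za-z][\w ]*?)\s+:\s+(?<value>\S.*?)\s*$') {
            $state[$Matches['key']] = $Matches['value']
        }
    }
    $state
}

function Get-JoinSummary {
    param([hashtable]$State)
    # AzureAdJoined is device state; WorkplaceJoined is the per-user "registered" state.
    if ($State['AzureAdJoined'] -eq 'YES' -and $State['DomainJoined'] -eq 'YES') { $join = 'Hybrid Azure AD joined' }
    elseif ($State['AzureAdJoined'] -eq 'YES')   { $join = 'Azure AD joined' }
    elseif ($State['WorkplaceJoined'] -eq 'YES') { $join = 'Azure AD registered' }
    else { $join = 'Not joined or registered' }
    [pscustomobject]@{ JoinType = $join; Tenant = $State['TenantName']; MdmUrlSet = [bool]$State['MdmUrl'] }
}

# Use live output on a Windows 10 device, otherwise fall back to the constructed sample.
if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) { $lines = & dsregcmd.exe /status }
else { $lines = $sample -split '\r?\n' }
Get-JoinSummary -State (ConvertFrom-DsregStatus -Lines $lines)
```

A populated MdmUrl only shows that the tenant returned an enrollment endpoint to the device; confirm the MDM connection itself under Access work or school or in the Intune blade.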

1 COMMENT

  1. Hello Anoop,
    Thanks for the detailed information that really helps.
    I have a question. Is there a way to manage all Windows 10 devices that are falling from our on-premises domain through Intune? We have some users in our environment and their laptops are falling from the domain since they don’t connect to VPN on a regular basis.

    Thanks
    Asher.
