Windows 11 Azure AD Join Manual Process Windows 10

Let’s check the process of Windows 11 Azure AD Join scenario step by step guide. This is applicable for Windows 10 devices as well. Many automated Azure AD join options are using Windows Autopilot, etc.

I’ve explained the manual process of Windows 11 Intune enrollment for the scenario. In the post, you will learn how to join Windows 10 or Windows 11 to Azure AD manually. Yes, you can perform Windows 10 Azure AD enter manually.

Free Intune Training – 63 Episodes Of Free Intune Training Endpoint Manager For Device Management Admins

Also, we will come to know How to enroll Windows 11 devices to Microsoft Intune. We can still use the old control panel system properties method to join a Windows 10 machine to the domain.

However, the wizard is changed slightly compared to Windows 7. Domain join is the old classical way of joining your Windows 10 or Windows 11 machine into your Work domain.

So what is the newest trend of Domain join 🙂 It’s AAD join, Azure Active Directory join (AAD is a SaaS solution by Microsoft for identity management).

When your organization has an Azure AD subscription and MDM solution like Intune, you can join your modern Windows 10 devices to AAD.

Video – Azure AD Join with Intune Enrollment for Windows Devices

Azure AD Join Process and Intune Auto Enrollment for Windows 11 | Licensing Details | Manual Provisioning process explained in this video! The example given is using the settings app of Windows 11.

• Azure AD Join Vs Hybrid AAD Join
• Licensing Details
• Provisioning
• Intune Auto-Enrollment

NOTE! – Some of the screenshots are taken from Windows 10. But the steps to follow are the same for Windows 11 and Windows 10. I will try to update the screenshot as soon as possible.

Prerequisite Checks – Before Windows 11 Azure AD Join

The following is the recommendation you should consider before trying Windows 11 Azure AD Join and enrolling in Intune. Windows 11 or 10 Azure AD join scenario is used mostly for CYOD scenarios.

• License -> Windows 11 Pro or Enterprise versions are supported for Azure AD Join.
• Intune, Azure AD subscription, setup, and configuration should be completed.
• EMS or M365, or any other relevant license should be assigned to the corporate ID that you are going to use for Windows 10 or 11 Intune enrollment
• The user might need administrator access to enroll the Windows 10 or 11 devices into Intune.
• Register the CNAME if you are using a custom domain (not required if you are using .ONMICROSOFT.com ID, as I showed in this post and video)

Differences between Azure AD Join Vs. Azure AD Registered Vs. Hybrid Azure AD

Let’s check the differences between Azure AD Join Vs. Azure AD Registered Vs. Hybrid Azure AD Windows 11 or Windows 10 devices.

Azure AD joined – The Windows devices Joined only to Azure AD requiring an organizational account to sign in to the Windows 11 or Windows 10 device. This is supported for All Windows 11 and Windows 10 devices except Home editions.

Azure AD Registered – Devices registered to Azure AD without requiring an organizational account to sign in to the device. The users can log in with their personal Microsoft ID or local to Windows 11 or Windows 10 devices.

Hybrid Azure AD Joined – The Windows Joined to on-premises AD, and Azure AD requires an organizational account to sign in to the Windows 11 or Windows 10 device. Hybrid Azure AD joined devices require network line of sight to your on-premises domain controllers periodically. Login to Hybrid Azure AD and join widgets with organizational ID.

Windows 11 Azure AD Join Step by Step process

Let’s understand Windows 11 Azure AD Join Step by Step process. In this section, you will see how to Join Windows 11 device to Azure AD. In this video guide, you will see how to perform Windows 10 Azure AD join and Intune enrollment.

The following steps will help you to complete the Azure AD join. The next steps are the manual process to add Windows 11 Azure AD join.

NOTE! – I recommend following the Windows 10 OOBE or Windows Autopilot process for more sophisticated Windows 11 or Windows 10 AAD Join process for your organization.

When you start the process of joining Azure AD with Windows 11 or 10, there are two ways to achieve this. First, you can go to Settings –> Accounts –> Work Access and click on Join or Leave Azure AD link.

• Login to Windows 11 with an Administrator account.
• Go to Start and click the Start button -> Settings.
• Select Accounts > Access work or school.
• Click on Connect button to start the Windows 11 Azure AD join process.

You need to click on Join this Device to Azure Active Directory link from Alternate Actions to set up a work or school account window. You need to log in to Windows 11 or Windows 10 PC with Microsoft account to complete this step manually.

Follow the following steps to complete the end-to-end process of the Windows 11 Azure AD Join scenario.

You need to provide a Work or School ID used for Office 365 or any other Microsoft cloud or business solutions on this page. I entered my cloud ID (Azure AD user ID) and password and clicked on the Sign-in button.

• Enter Corporate Email ID and press the Next button.

• Enter the password and click on Sign-In.
• Click on Next to start the Azure AD registration process.

NOTE! – In Some scenarios, the user will get redirected to the third-party IDP (identity provider – PING, etc.) or ADFS if the password hash is not synced with Azure AD. This depends on the authentication configuration of users organization.

When your organization has enabled multi-factor authentication (MFA) on Azure AD, you will receive a verification call on your mobile number, and you need to answer that call and press # to complete the authentication process.

If MFA is not enabled, the Azure AD join wizard will ask you to check and confirm your organization’s name and details. Once you are sure about the organization Azure AD domain, you want to join.

• Click on the Join button from the popup Windows. Make sure this is your organization.

The user must wait some time to complete the Windows 11 Azure AD join process.

The Windows 10 or 11 machines will connect to Azure AD and complete the authentication and AAD join process. This may take some time, depending on your internet speed. 

Click on the Done button to Finish Windows 11 Azure AD Join process.

To complete the Azure AD join process, you must follow the Restart instructions to restart the Windows 11 PC.

NOTE! – Once the Windows 11 or Windows 10 PC is restarted, you/the user will be able to log in to the PC with corporate credentials.

All finished now. 🙂 Windows 11 machine has joined Azure AD.

Click on a finish to complete the process. You can have auto-enrollment enabled for Microsoft Intune when machines join Azure AD.

Windows 10 or Windows 11 Azure AD Join Manual Process Verification

To confirm Azure AD join,  you can go to Settings –> Accounts –> Access Work or School and confirm whether your organization name is showing up there or not.

You can click on that button and check the Azure AD sync details to see whether policies are getting synced or not.

How to Enroll Windows 11 Devices Automatically into Intune?

You can manually enroll Windows 11 devices into Intune using the method I explained in my previous blog post – Windows 11 Intune Enrollment Process Using Company Portal Application Settings App.

I have explained the Windows 11 automatic Intune enrollment process in this video tutorial. So the Automatic Intune enrollment process should be done from the Azure portal.

NOTE! – You might need Global Admin/Appropriate access to set this Intune auto-enrollment up from the Azure portal.

• Log in to the Azure portal, and select Azure Active Directory.
• Select Mobility (MDM and MAM) > Microsoft Intune.
• Select any of the 3 three (Windows 10 or 11 Auto Enrollment) options from the configurations blade
  • None – Default – If this option is selected, then Windows 10 or 11 Intune Auto-Enrollment is DISABLED
  • Some – If this option is selected, then Windows 10 or 11 Intune Auto-Enrollment is allowed only for a group of Azure AD users.
  • All – If this option is selected, then Windows 10 or 11 Intune Auto-Enrollment is allowed for All Azure AD users in your tenant
• Click on the Save button to complete the process.

NOTE! – You can also use Group Policy (Auto MDM Enrollment with AAD Token) to enroll Windows 10 1709 or later Windows 10 and 11 Devices to Microsoft Intune. 

Video – Windows 10 Intune Manual Enrollment Process

I have explained the manual Intune enrollment process in my previous blog. I have some of the same in the below video.

Results – Windows 11 Azure AD Join and Intune Enrollment

You can check the status of your Windows 11 Azure AD join and Intune Manual enrollment from two places.

Windows 11 Azure AD Join – User View

The first place to look at the results is the Windows 11 Settings page.

Settings > Accounts > Access work or school. Check whether you can see the Azure AD Joined Windows 10 or 11 Device, and It’s also Intune Enrolled. Following are the two connections I could see.

• Connected to Default Directory’s Azure AD (Windows 11 Azure AD Joined)

Windows 11 Azure AD Join – Admin View

The second place to look at Windows 10 or 11 Azure AD Join results is from the Azure AD portal – Users or Devices pane or Intune blade.

Check whether you (admin) can see whether the device is Azure AD Joined.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.