Azure AD Joined Devices: A Step-by-Step Guide
In this blog post, we will learn what an Azure AD joined device is, how to join a device to Azure AD, and how to verify the device state once it has been successfully joined.
Watch the video
To learn the Azure AD join process and how to join devices to Azure AD (Microsoft Entra ID), watch this video on our YouTube channel.
What is an Azure AD joined device
Azure AD joined devices are devices that are owned by an organization. We join these devices to Azure AD (Microsoft Entra ID) so that an administrator can apply Intune policies to control their configuration, or apply Conditional Access policies to them.
On Azure AD registered devices, users log in with their personal account; on Azure AD joined devices, users log in with their Azure AD credentials.
Supported Operating Systems
The following operating systems are supported in the Azure AD join scenario:
Windows 10 and 11 (Home edition is not supported)
Windows Server 2019 VMs running in Azure
How to Azure AD join a Windows device
There are two ways to join a device to Azure AD: during operating system installation, or after the operating system is installed. I will show you both.
The first way to Azure AD join a Windows device is to add an Azure AD account in Settings. On the Windows machine, go to Settings, click Accounts, click Access work or school, and click Connect.
On the Set up a work or school account page, click Join this device to Azure Active Directory.
When prompted, enter your Azure Active Directory (Microsoft Entra ID) credentials.
Once you are successfully authenticated, the next page shows the domain name to which your device will be joined, along with your username and the user type that will be using this device.
On the next page, the wizard tells you that the device is connected to your domain.
To complete the Azure AD join process, log in to the device using Azure Active Directory credentials, and the device will be joined to Azure AD.
To verify that the device is joined, go to Azure Active Directory and open Devices.
Azure AD join Windows device while installing Operating System
The other way to Azure AD join a Windows device is during operating system installation. On the Accounts page of the Windows 10 installation wizard, select Set up for an organization and click Next.
On the next page, type your Azure AD username and click Next. When prompted for a password, type the password for your Azure AD account and click Next.
Upon successful authentication, you will be asked to set up a Windows Hello PIN for logging in to this device. Follow the instructions to set up the Windows Hello PIN.
Verify Azure AD Join device
To verify an Azure AD joined device, open Command Prompt on the machine, type DSREGCMD /STATUS, and press Enter.
In the command output, AzureAdJoined set to YES indicates that the device is successfully joined to Azure AD.
When we join a device to Azure AD, a Primary Refresh Token (PRT) is sent to the device. The PRT is a JSON token that is used to enable single sign-on on the device. If you scroll down in the same output, you will see the AzureAdPrt attribute. When this attribute is set to YES, single sign-on is enabled on the device.
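The manual check above can be scripted for use across many machines. The following PowerShell is an added example, not part of the original post: it parses DSREGCMD /STATUS output and reports the AzureAdJoined and AzureAdPrt values. The function names and the sample output are constructed for illustration.

```powershell
# Added example: function names are hypothetical, sample text is constructed.
function ConvertFrom-DsregStatus {
    # Not Mandatory on purpose: a mandatory [string[]] rejects the blank lines in the output.
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Data lines look like "   AzureAdJoined : YES"; banner lines start with + or |.
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9 ]*?)\s+:\s+(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

function Get-JoinVerdict {
    param([Parameter(Mandatory)][hashtable]$State)
    $joined = $State['AzureAdJoined'] -eq 'YES'
    # AzureAdPrt describes the signed-in user's session, so run the command as that user.
    $prt = $State['AzureAdPrt'] -eq 'YES'
    if (-not $joined) { $verdict = 'NotJoined' }
    elseif (-not $prt) { $verdict = 'JoinedNoPrt' }
    else { $verdict = 'JoinedWithSso' }
    [pscustomobject]@{ AzureAdJoined = $joined; AzureAdPrt = $prt; Verdict = $verdict }
}

# Constructed sample output (trimmed); not captured from a real tenant.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : NO
'@ -split '\r?\n'

Get-JoinVerdict -State (ConvertFrom-DsregStatus -Lines $sample)

# On a live device, feed the real command output instead of the sample:
# Get-JoinVerdict -State (ConvertFrom-DsregStatus -Lines (dsregcmd /status))
```

A JoinedNoPrt verdict means the device is joined but the current user has no PRT, which is worth investigating because single sign-on will not work for that session.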
Conclusion
In this blog you learned what an Azure AD joined device is and how to join a device to Azure Active Directory. You might like our other blog on Azure AD registered devices.
Happy Learning!!