Autopilot is generally used for deploying and managing new or reset Windows devices, allowing you to customize the out-of-box experience and apply specific configurations, including Azure Active Directory (AAD) join. However, if you have 150 non-domain-joined Windows 10 Pro systems that are already in the field and you want them to be joined to Azure AD (Entra ID), Autopilot might not be the most straightforward solution. Instead, consider these options:
- Entra ID Join via Azure AD Access Panel
This approach involves manually joining each system to Azure AD:
Manual Azure AD Join:
On the Windows 10 Pro device, go to Settings > Accounts > Access work or school.
Click Connect and select Join this device to Azure Active Directory.
Sign in with the Azure AD credentials.
Follow the prompts to complete the Azure AD join.
This method can be time-consuming if done manually for all 150 systems. However, it is effective for smaller numbers of devices and requires no additional tools.
- Use Microsoft Endpoint Manager (Intune)
Microsoft Endpoint Manager (formerly Intune) allows you to manage devices and push configurations, including Azure AD join. This is suitable for large-scale deployments:
Enroll Devices in Endpoint Manager:
Ensure you have the necessary licenses to manage devices with Endpoint Manager.
Configure a device management policy that specifies Azure AD join for existing devices.
Distribute the Endpoint Manager enrollment package or application to the field devices, allowing them to be managed by Endpoint Manager.
Automate Azure AD Join through Endpoint Manager:
Create an enrollment profile that specifies Azure AD join.
Deploy the profile to the existing devices via a script or user instructions.
Use Endpoint Manager's policies and configurations to ensure devices comply with Azure AD join requirements.
Endpoint Manager provides more automation and centralized management, making it ideal for large-scale deployments. It also allows for further device configuration and compliance management.
- Custom Deployment Script
If Endpoint Manager is not an option, you can create a custom script to join devices to Azure AD:
PowerShell Script for Azure AD Join:
```powershell
# Add-Computer joins on-premises Active Directory domains only; it cannot join a
# device to Azure AD (Entra ID), so passing a tenant ID and user credential fails.
# For a scripted Entra ID join, apply a bulk-enrollment provisioning package built
# with Windows Configuration Designer; the bulk token embedded in the package
# performs the join, so no user password has to be stored in the script.
$packagePath = "<Path to your bulk-enrollment .ppkg>"
Install-ProvisioningPackage -PackagePath $packagePath -ForceInstall -QuietInstall
# Verify the result: the output should show "AzureAdJoined : YES"
dsregcmd /status
```
Deploy this script to the field devices and ensure it runs with administrative privileges. Store and handle any credentials or enrollment tokens the script relies on securely.
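As an added example (not code from the original post), the following PowerShell makes the scripted join idempotent and verifiable: it parses dsregcmd /status before and after applying a bulk-enrollment provisioning package, skips devices that are already joined or are on-premises domain joined, and logs the outcome. The package path, log path and function names are assumptions.

```powershell
function Get-DeviceJoinState {
    # Parse the "Key : Value" lines of dsregcmd /status into a hashtable
    $state = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*(\S[^:]*?)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return [pscustomobject]@{
        AzureAdJoined = ($state['AzureAdJoined'] -eq 'YES')
        DomainJoined  = ($state['DomainJoined']  -eq 'YES')
        TenantId      = $state['TenantId']
        DeviceId      = $state['DeviceId']
    }
}

function Invoke-EntraBulkJoin {
    param(
        [Parameter(Mandatory)] [string] $PackagePath,   # bulk-enrollment .ppkg (assumed path)
        [string] $LogPath = "$env:ProgramData\EntraJoin\join.log"   # assumed log location
    )
    New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
    $before = Get-DeviceJoinState
    if ($before.AzureAdJoined) {
        Add-Content $LogPath "$(Get-Date -Format s) already joined to tenant $($before.TenantId); skipping"
        return $before
    }
    if ($before.DomainJoined) {
        Add-Content $LogPath "$(Get-Date -Format s) on-premises domain joined; bulk join not applicable"
        return $before
    }
    # The bulk token embedded in the package performs the Entra ID join, so no user
    # credentials are stored on the device. The package itself is sensitive: restrict
    # access to it and remove it once the device is joined.
    Install-ProvisioningPackage -PackagePath $PackagePath -ForceInstall -QuietInstall `
        -LogsDirectoryPath (Split-Path $LogPath) | Out-Null
    $after = Get-DeviceJoinState
    Add-Content $LogPath "$(Get-Date -Format s) AzureAdJoined=$($after.AzureAdJoined) DeviceId=$($after.DeviceId)"
    return $after
}

# Usage (run elevated on the device; package path is an assumption):
# Invoke-EntraBulkJoin -PackagePath 'C:\Deploy\EntraBulkJoin.ppkg'
```

The per-device log lines can be collected centrally to track which of the 150 systems still need attention after the rollout.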