question

JasonFritz-9524 avatar image
0 Votes"
JasonFritz-9524 asked ·

Joining mulitiple computers to Azure Active Directory

I am with a local IT Company

I am joining multiple computers from different companies to the Azure Active Directory. My question is for best practice, should I use our Administrative account to join to the Domain in our local Admin Account and then switch to get the users to login with their email address and password on the main screen or do I get the user that is primarily using the computer login to the Azure Active Directory as an Administrator in the local Admin Account and then switch accounts and allow him to login in.

I am using a local Admin account and then going to Edit Users and Access Work or School to connect to the Azure Active Directory.

I am afraid that if we deactivate the users account that we signed into the Azure Active Directory it will take the computer out of sync with Azure Active Directory. Also it is instantly making that person an Administrator when adding their email via access work or school/connect to Azure Active Directory. So some concerns too.

Just looking for best practices as well as answers.

Thanks

azure-active-directory
· 3
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi, we are investigating your issue and will update you shortly.

Best,
James

0 Votes 0 ·

Hi @JasonFritz-9524 , can you please post a screenshot detailing your process?

To clarify, you sync'd from on-prem, but before the sync you made a user that was identical to the one that was on-prem, on AD? And the after the sync your new user is the .onmicrosoft.com user?

Please let me know and I can help you further.

Thank you,
James

0 Votes 0 ·

72571-image.png



Should I use the email for the user the computer is going to be using it primarily or should I use out Global Administrator Account to connect it to the Companies Azure Active Directory.

Both users are in the Azure Active Directory for the company. I know that who ever gets put on the computer first is the Admin for the computer with those rights. I don't really want this.

And then two, if I need to allow the user I create admin privileges after signing them in with their email account; where is that? Or is that in the profile in the Azure Active Directory Management.

0 Votes 0 ·
image.png (29.4 KiB)

1 Answer

JamesHamil-MSFT avatar image
0 Votes"
JamesHamil-MSFT answered ·

Hi @JasonFritz-9524 , I recommend Bulk enrollment for Windows 10. This will allow you to join the devices to Azure AD without providing admin rights to primary user. You can also use the autopilot feature for joining Windows 10 machines to Azure AD. Refer to this page for comparison between join options. I hope this helps! Please let me know if you have any questions.

If this answer helped you, please mark it as "Verified" so other users may reference it.

Thank you,
James


· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

That sounds great. Thanks

0 Votes 0 ·