question

tarouchabi-7271 avatar image
0 Votes"
tarouchabi-7271 asked tarouchabi-7271 commented

Stand alone windows10 with intune.

Is the content that can be managed different between windows10 of azure ad join and windows10 of azure ad registered?

mem-intune-generalmem-intune-device-configurationsmem-intune-application-management
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Would you mind elaborate your issue in details?
Are you referring to the case when you use Azure AD and when you are Intune joined?
Intune also use Azure AD to authenticate the client but you have more management capabilities using Intune and Azure AD provides you with basic management functionalities.

0 Votes 0 ·

Yes. I use the intune.
Stand Alon Windows10 will be Azure AD Join. But, windows8 can't let Azure AD Join (Only Azure AD Registerd).
Intune function difference due to OS difference is acceptable. So, I want to know.
Is there any difference between Azure AD Join and Azure AD Registerd for Intune control in the same OS ver. ?

0 Votes 0 ·
Reza-Ameri avatar image
0 Votes"
Reza-Ameri answered tarouchabi-7271 commented

There is no one to one comparison on differences but you may learn more here:
https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-register
https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join
In case you are referring to policies , they are the same when you are running the same version of Windows.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I'm so grateful for that!

0 Votes 0 ·
CiciWu2-MSFT avatar image
0 Votes"
CiciWu2-MSFT answered tarouchabi-7271 commented

This is related to device identity management. It is the foundation for device-based Conditional Access. With device-based Conditional Access policies, you can ensure that access to resources in your environment is only possible with managed devices.

Azure AD Joined is for
Corporate owned and managed devices
Authenticated using a corporate id that exists on Azure AD
Authentication is only through AAD.

AAD Registed Device is for
Personally owned corporate enabled
Authentication to the device is with a local id or personal cloud id
Authentication to corporate resources using a user id on AAD.

There are some differences between Azure AD Join and Azure AD Registerd for Intune control. For example:
Azure AD registered devices utilize an account managed by the end user, this account is either a Microsoft account or another locally managed credential secured with one or more of the following.
o Password
o PIN
o Pattern
o Windows Hello

Azure AD joined or hybrid Azure AD joined devices utilize an organizational account in Azure AD secured with one or more of the following.
o Password
o Windows Hello for Business
For other differences, it is suggested to refer the following link:

What is a device identity?
Azure AD Registered vs Azure AD Joined
Note: Non-Microsoft link, just for the reference.

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you very much.
Is there a difference in device-based conditional access?
And, Please let me know if you know. Does windows8.1 support azure ad registerd?

0 Votes 0 ·