Windows 10 Azure AD Join
Q: (from John)
You had also mentioned that Windows 10 is now more greatly integrated with Azure. Do you have any white papers on what the integration is?
I’m seeing this question come up more often as our Windows 10 sales exceed 270M copies. What is driving the question: “Do I still need an on-premises domain controller for my customer?” The answer is technically “no”. There are several examples where a virtual machine hosted in the Azure cloud can provide all of the Active Directory services needed. But all you’ve really done is move the Active Directory Domain Controller from on-premises to the cloud; a great first step, but not REALLY what you are often looking for.
The real goal is, can I do all of my user and machine authentication through Azure AD, and let someone else maintain the AD infrastructure. For those of you who follow this, Azure AD is responsible for user authentication for services like Office 365 and CRM Online. But we aren’t there for machine objects. We can, however, offer the ability to join Windows 10 machines into an Azure AD. Here is a blog post from last year by my peer Josh Condie (https://blogs.technet.microsoft.com/uspartner_ts2team/2015/06/19/win10-authentication-evolution-empowered-by-azure-active-directory/) that has a great summary of the Windows 10 services provided by Azure AD. And if you are looking for more detailed steps in the process: https://blogs.technet.microsoft.com/ad/2015/05/28/azure-ad-join-on-windows-10-devices/