Set up Azure Active Directory joined devices

With device management in Azure Active Directory (Azure AD), you can ensure that your users are accessing your resources from devices that meet your standards for security and compliance. For more information, see Introduction to device management in Azure Active Directory.

If you want to bring work-owned Windows 10 devices under the control of Azure AD, you can accomplish this by configuring Azure AD joined devices. This topic provides you with the related steps.

Prerequisites

To join a Windows 10 device, the device registration service must be configured to enable you to register devices. In addition to having permission to joining devices in your Azure AD tenant, you must have fewer devices registered than the configured maximum. For more information, see configure device settings.

What you should know

  • Windows joins the device in the organization’s directory in Azure AD.

  • You might be required to go through multi-factor authentication challenge. This challenge is configurable by your IT administrator.

  • Azure AD checks whether the device requires mobile device management enrollment and enrolls it if applicable.

  • If you are a managed user, Windows takes you to the desktop through the automatic sign-in.

  • If you are a federated user, you have to sign-in using your credentials.

Joining a device

This section provides you with the steps to join your Windows 10 device to your Azure AD. If you have successfully joined your device to Azure AD, your Access work or school dialog indicates this with a Connected to <your Azure AD> entry.

Connected

To join your Windows 10 device:

  1. In the Start menu, click Settings.

    Settings

  2. Click Accounts.

    Accounts

  3. Click Access work or school.

    Access work or school

  4. On the Access work or school dialog, click Connect.

    Connect

  5. On the Setup a work or school account dialog, click Join this device to Azure Active Directory.

    Connect

  6. On the Let's get you signed in dialog, enter your account name (for example, someone@example.com), and then click Next.

    Let's get you signed in

  7. On the Enter password dialog, enter your password, and then click Sign in.

    Enter password

  8. On the Make sure this is your organization dialog, click Join.

    Make sure this is your organization

  9. On the You're all set dialog, click Done.

    You're all set

Verification

To verify whether a device is joined to an Azure AD, you can review the Access work or school dialog on your device.

Connected

Alternatively, you can run the following command: dsregcmd /status
On a successfully joined device, AzureAdJoined is Yes.

Connected

You can also review device settings on the Azure AD portal.

Connected

For more information, see locate devices.

Next steps

For more information, see: