Last Update: Sep 04, 2024 | Published: Sep 13, 2021
Registering Windows 10 devices with an identity provider, like Azure Active Directory (recently renamed Microsoft Entra ID), is an important part of including endpoints in the Zero Trust security model.
In this article, I’m going to show you how to join Windows 10 to Azure Active Directory. First, you will join an existing Windows 10 device to Azure Active Directory using the Settings app in Windows 10. You can also join a new device to Azure Active Directory as part of the out-of-box experience (OOBE).
In a previous article, I showed you how to register Windows 10 with Azure Active Directory (Azure AD). Devices registered with Azure AD are usually Bring Your Own Device (BYOD), and registration is supported not just on Windows 10 but also on iOS, Android, and macOS. When you join a Windows 10 device to Azure AD, by contrast, users sign in to Windows from the lock screen with their organizational work or school account, using a password, Windows Hello for Business, or FIDO2 security keys. It’s important to understand the difference between register and join when talking about Azure AD.
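To tell which of the two states a device is actually in, the built-in dsregcmd tool reports the join state. The PowerShell below is an added example (not from the original article) that parses dsregcmd /status output and classifies the device as joined, hybrid joined, registered, or neither; the function name Get-AzureAdJoinState and the sample output are assumptions constructed for illustration.

```powershell
# Added example: classify a Windows 10 device's Azure AD relationship by parsing
# the output of the built-in "dsregcmd /status" (present on Windows 10 1607+).
# Field names match the "Device State" / "User State" sections of that output.

function Get-AzureAdJoinState {
    param(
        # Pass captured output for offline testing; the default runs dsregcmd locally.
        [string[]]$StatusOutput = (& dsregcmd.exe /status)
    )

    # Turn "  Key : Value" lines into a hashtable, keeping the last value seen per key.
    $fields = @{}
    foreach ($line in $StatusOutput) {
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.+?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined']   -eq 'YES'   # device joined to Azure AD
    $domain = $fields['DomainJoined']    -eq 'YES'   # also joined to on-prem AD
    $wpj    = $fields['WorkplaceJoined'] -eq 'YES'   # user registered the device (BYOD)

    if ($aad -and $domain) { $state = 'HybridAzureAdJoined' }
    elseif ($aad)          { $state = 'AzureAdJoined' }
    elseif ($wpj)          { $state = 'AzureAdRegistered' }
    else                   { $state = 'NotJoined' }

    [pscustomobject]@{
        State           = $state
        AzureAdJoined   = $aad
        DomainJoined    = $domain
        WorkplaceJoined = $wpj
        TenantName      = $fields['TenantName']
        DeviceId        = $fields['DeviceId']
    }
}

# Constructed sample output (not captured from a real device): a registered BYOD machine.
$sample = @(
    '             AzureAdJoined : NO',
    '          EnterpriseJoined : NO',
    '              DomainJoined : NO',
    '           WorkplaceJoined : YES',
    '                TenantName : Contoso'
)
Get-AzureAdJoinState -StatusOutput $sample   # classify the constructed sample
Get-AzureAdJoinState                          # classify the machine this runs on
```

A device that reports WorkplaceJoined without AzureAdJoined is only registered, so lock-screen sign-in with the work account and the join-based policies described here do not apply to it.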
The security landscape is changing quickly as more users are working remotely and using their own devices. Without a robust security model in place, endpoints can easily become the weakest link in your organization’s security.
Microsoft’s identity-centric Zero Trust solution requires that every user accessing an application must be verified. Zero Trust requires that all requests for access, regardless of where they originate, must be verified as if they come from an untrusted network.
Joining Windows devices to Azure AD provides a centralized location to manage all your security policies, view devices, associated risks, and compliance status.
To join a new Windows machine, you must follow the ‘out of the box experience’ process. The steps involve logging into the machine with your corporate email address, approving the device from your mobile, and configuring the device settings.
The steps to join an existing corporate device to Azure AD are as follows: