Join Windows 10 to Azure Active Directory

In today’s Ask the Admin, I’ll show you how to join Windows 10 to Azure Active Directory (AAD) and why you might want to do that.

Organizations that mainly use SaaS apps based in the cloud, such as Office 365, might consider allowing users to join devices to AAD — the identity management service that powers Office 365 and other cloud-based platforms. The key advantage for users is that they get single sign-on access to Office 365 web apps and other programs that support the Web Account Manager, such as the built-in Mail app in Windows 10.

Other scenarios where AAD domain join might come in handy is for temporary contractors who need access to cloud-based apps, or when permanent employees buy their own devices but would still like simplified access to corporate apps but without joining the device to an on premise Active Directory domain.

Microsoft Intune and Mobile Device Management

Organizations also benefit by being able to extend management capabilities to devices joined to Azure AD. Mobile Device Management (MDM) support is built-in to Windows 10, and while not as extensive as Active Directory Group Policy, MDM might provide enough control in many cases. Microsoft Intune is a separate subscription service that allows companies to manage Windows 10 devices in the cloud without needing an onsite AD infrastructure.

Join Windows 10 to Azure AD

As part of the out-of-box-experience (OOBE) setup procedure in Windows 10, users have the option to join the device to AAD. This requires valid AAD credentials and that AAD be configured to allow users to join devices.

Alternatively, follow the instructions below to join Windows 10 to AAD using the Settings app.

• Log in to Windows 10 as a local administrator.
• Click the Start button.
• Click Settings in the bottom left corner of the Start menu.
• In the Settings app, click System.

• Click About on the left of the System screen in the Settings app.
• Click Join Azure AD on the right.
• In the Join Azure AD dialog, click Continue.
• On the Let’s get you signed in screen, enter your Azure AD username – in the following format: [email protected] – and password, and then click Sign in.
• Read the information on the Allow this device to be managed? screen and click Accept.

If MDM device registration is configured, the user will also have to accept the MDM terms of use.

• Sign out of the local user account.
• Click Other user at the bottom of the login screen.
• Enter the credentials of an Azure AD user.