Configuring Azure Active Directory for AD Join
Microsoft has made sweeping structural changes within the new Microsoft Azure portal. Gone are the large icons and vertical-ribbon design found in Microsoft Office. In the new portal, you will find an experience made for IT professionals, including condensed management panes, more flexible layout customization capabilities, and more configuration options. The elements seen on the right-hand side of the new Microsoft Azure Dashboard screenshot below (figure 1) are customizable.
One of the most common tasks when setting up new all-cloud domains is joining a Windows device to an Azure Active Directory (Azure AD) instance. In this blog, we will examine how to allow machines to join Azure AD and how to join a Windows 10 device through the new Azure portal.
Enabling Azure Active Directory Device Enrollment
We will assume you have already set up your Azure domain. If you have not, please see the Microsoft TechNet article, Azure Active Directory Initial Setup.
Azure Active Directory is the future of Active Directory – fully supporting BYOD (Bring Your Own Device) and remote workers, while reducing the need for hands-on IT setup and support.
In the new Microsoft Azure portal, Azure Active Directory now features a vertical menu pane with more options than ever before. To start, open Azure Active Directory and navigate to the Users and groups section. See figure 2 below.
Notice the plethora of management sections.
Within the Users and groups section, navigate to Device settings. See figure 3 below.
It may seem odd to find a hardware-related option in a Users and groups menu, and it has been suggested that Microsoft make Device settings a child of the overarching Azure Active Directory parent group.
But within Device settings, you will find the option to enable Azure AD device enrollment – highlighted in figure 4 below. Based on your company policy, you can allow all users to enroll their devices in Azure AD, or just selected users and groups.
There are several other options within the Device settings category which we will not dive into today. However, you will notice that in our demo tenancy, we have configured some advanced features:
- Specified the addition of an administrator account to the local administrator group on the Azure AD enrolled device
- Set up Intune Mobile Device Management – because of this, users are required to register their own devices with Azure AD when Intune is added. This section has been greyed out due to this requirement
- Included an Azure Active Directory Premium subscription in our trial tenancy, which allows us to specify data sync settings across devices for individual users
At this point, we have completed the setup within Microsoft Azure. In Part 2, we will move on to joining the Windows 10 device.
To learn more about RSM’s consulting services and managed services offerings, please visit our website. You can also contact RSM’s technology and management consulting professionals at 800.274.3978 or email us.
This is Part 1 of our 2-part series on Joining Windows 10 Devices to the New Microsoft Azure Active Directory. Please see this link for Part 2.