Published by


Kari's Avatar
PhD in Malt Based Liquids


Location: A Finnish expat in Germany
Posts: 14,847

Show Printable Version 


information   Information
First, a bit longer quote to explain Azure AD:

Azure Active Directory (Azure AD) provides an easy way for businesses to manage identity and access, both in the cloud and on-premises. Your users can use the same work or school account for single sign-on to any cloud and on-premises web application. Your users can use their favorite devices, including iOS, Mac OS X, Android, and Windows. Your organization can protect sensitive data and applications both on-premises and in the cloud with integrated multi-factor authentication ensuring secure local and remote access.

Azure AD extends your on-premises directories so that information workers can use a single organizational account to securely and consistently access their corporate resources. Azure AD also offers comprehensive reports, analytics, and self-service capabilities to reduce costs and enhance security. The Azure AD SLA ensures that your business runs smoothly at all times and can be scaled to enterprise levels.
Quote from Azure Active Directory

In Windows 10, an Azure AD user account is called a Work or school account. It is a so called organizational account provided to you by your employer, school or organisation as part of their Office 365 or Microsoft 365 Business, Enterprise, Education or Government subscription.

Joining a Windows 10 PC to Azure AD means you must sign in to Windows using your Azure AD credentials and is mainly intended to be used on devices which are solely used for work or study purposes and often owned by the employer or school.

Registering a Windows 10 PC on Azure AD means you will continue signing in to Windows with your personal local or Microsoft account, but in addition can access employer / school resources with single sign-on Azure AD credentials. Registering instead of joining is mostly intended to be used when employees / students are allowed to use their own devices for work or studies like in BYOD (Bring Your Own Device) companies and schools, or just to allow employees / students do work / school stuff from home.

To join to or register on Azure AD requires Windows 10 PRO, Education or Enterprise edition.

This tutorial will show how to either join your Windows 10 PC to Azure AD, or how to register it on Azure AD.




Join Windows 10 PC to Azure AD Contents Join Windows 10 PC to Azure AD
 Click links to jump to any part


Part One: Join Azure AD from Windows Setup (new PC / clean install)
Part Two: Join Azure AD from existing installation
Part Three: Register on Azure AD from Settings
Part Four: Register on Azure AD from an app




Join Windows 10 PC to Azure AD Part One Join Windows 10 PC to Azure AD
 Join Azure AD from Windows Setup (new PC / clean install)

1.1) On Windows 10 PRO edition when creating initial user account on new PC or after a clean install, select Set up for an organisation:
Click image for larger version. 

Name:	image.png 
Views:	136 
Size:	241.2 KB 
ID:	179615

This selection is not shown in Education and Enterprise editions.

1.2) Sign in with your Azure AD account credentials:
Click image for larger version. 

Name:	2018_03_05_22_17_001.png 
Views:	175 
Size:	222.3 KB 
ID:	179618

1.3) Depending on your employer / school security settings, you might be requested to create a PIN. Notice that minimum length for an Azure AD PIN is 6 digits.

1.4) Finish Windows Setup as usual. When on desktop, you will see that your device is joined to Azure AD, and your user account is an Azure AD account:
Click image for larger version. 

Name:	2018_03_05_22_27_491.png 
Views:	117 
Size:	218.4 KB 
ID:	179621
Click image for larger version. 

Name:	2018_03_05_22_30_262.png 
Views:	67 
Size:	182.7 KB 
ID:	179626





Join Windows 10 PC to Azure AD Part Two Join Windows 10 PC to Azure AD
 Join Azure AD from existing installation


2.1) If you have already set up Windows 10 using a local or or Microsoft account and need to join Azure AD, open Settings > Accounts > Access work or school and click Connect:
Click image for larger version. 

Name:	2018_03_05_22_53_081.png 
Views:	192 
Size:	247.8 KB 
ID:	179633

2.2) Select Join this device to Azure Active Directory:
Name:  2018_03_05_22_55_212.png
Views: 8071
Size:  202.4 KB

2.3) Sign in with your Azure AD credentials:
Name:  2018_03_05_22_56_233.png
Views: 8021
Size:  120.1 KB

2.4) Click Join after checking that information is correct:
Name:  2018_03_05_22_58_274.png
Views: 8018
Size:  71.6 KB

2.5) Depending on your employer / school security settings, you might be requested to create a PIN. Notice that minimum length for an Azure AD PIN is 6 digits.

2.6) All done, your device is joined to Azure AD:
Name:  2018_03_05_23_02_035.png
Views: 8003
Size:  110.0 KB





Join Windows 10 PC to Azure AD Part Three Join Windows 10 PC to Azure AD
 Register on Azure AD from Settings

3.1) If you have already set up Windows 10 using a local or or Microsoft account and need to register on Azure AD instead of joining it, open Settings > Accounts > Access work or school and click Connect:
Click image for larger version. 

Name:	2018_03_05_22_53_081.png 
Views:	192 
Size:	247.8 KB 
ID:	179633

3.2) Enter your Azure AD email address and click Next:
Name:  2018_03_05_23_46_331.png
Views: 7976
Size:  251.4 KB

3.3) Enter your password, and PIN if required. Notice that minimum length for an Azure AD PIN is 6 digits. Depending on your organisation's security settings, you might also be required to enter a verification code sent by text message or email:
Name:  2018_03_05_23_38_191.png
Views: 7982
Size:  100.9 KB

3.4) To finish the registration process, you will be asked to enter the password for your current local or Microsoft account:
Name:  2018_03_05_23_40_372.png
Views: 7972
Size:  29.8 KB

3.5) Your Windows user account (local or Microsoft) is now connected to / registered on Azure AD:
Click image for larger version. 

Name:	2018_03_05_23_42_113.png 
Views:	133 
Size:	206.1 KB 
ID:	179650





Join Windows 10 PC to Azure AD Part Four Join Windows 10 PC to Azure AD
 Register on Azure AD from an app

4.1) Most Microsoft UWP apps allow to sign in using an Azure Ad account. When signing in, you can choose if you want to register your PC on Azure AD or just sign in to app in question instead.

For instance, you can sign in to Windows Store with Azure AD credentials:
Click image for larger version. 

Name:	2018_03_06_00_06_301.png 
Views:	57 
Size:	200.7 KB 
ID:	179654

4.2) Enter your Azure AD email address, click Next and in following prompt enter your password:
Name:  2018_03_06_00_14_231.png
Views: 7988
Size:  164.7 KB

4.3) In next prompt, if you select Skip for now (#1 in screenshot below), you will be signed in to just app in question, Store in this example and your device will not be registered on Azure AD.

However, if you choose to click Yes (#2), your device will be registered on Azure AD exactly as if you had followed instructions in Part Three above:
Name:  2018_03_06_00_18_532.png
Views: 7978
Size:  245.0 KB



That's it geeks! Do not hesitate to post your questions in this thread.

Kari