Azure Identity And Access Management Part 7 – Azure Active Directory – Manage Device Identity 2 – Azure AD Joined
Hope you are all doing well!
First of all, thank you all for your comments and suggestions on our previous series, Learn Basics Of Azure Networking In 60 Hours.
In the last article of our Azure AD series, we discussed Azure Active Directory – Manage Device Identity 1 – Overview. In this article, we continue with another important topic in Azure AD device identity: configuring Azure AD Join.
If you have missed our previous articles on Azure Identity And Access Management (IAM), please check them at the following links.
Azure AD Joined:
As we discussed in our last article, the goal of Azure AD device identity is to manage users' personal devices in Azure AD and let our users take advantage of Bring Your Own Device (BYOD). In these scenarios, users can bring their own devices and access our organization's cloud applications, such as the Azure portal and Office 365, which are protected by Azure Active Directory.
We also discussed that there are multiple options for getting a device into Azure AD, and Azure AD Join is one of them.
Devices that are Azure AD joined are owned by an organization and are signed in to with an Azure AD account belonging to that organization. Azure AD Join supports devices running the following two operating systems.
- Windows 10
- Windows Server 2019 (Server core is not supported)
In this exercise, we will show how to join a Windows 10 device to Azure AD. We have the following information:
- Windows 10 device's host name: "MyDeviceToJoin"
- User name: Uday@manasmoharanagmail.onmicrosoft.com
- Azure AD directory name: Default Directory
Step 1: Let's check a few things before adding a device to our Azure AD.
As we can see in the following figure, no device has been added to our default directory. To see this, sign in to the portal -> Azure Active Directory -> Devices.
Now let's log in to the Windows 10 device that we want to join, check its host name in the command prompt using the hostname command, and run dsregcmd /status to see the registration status of the device, as shown in the following figure.
In the above figure, we can see the value of AzureADJoined = No.
Step 2: Before we proceed with the configuration, let's first verify whether the Device settings of the organization's Default Directory allow users to join devices. If they do not, we need to allow it before proceeding to join a device. As shown in the following figure, the setting allows All users to join their devices.
Step 3: The required device setting is in place, so let's start joining our Windows 10 device. Open Settings on the device and go to Accounts, as shown in the following figure.
Step 4: In the left navigation of the window, click Access work or school and press + Connect to proceed with the configuration, as shown in the following figure.
As we can see in the following figure, we have two options to enroll our personal device. We can go for either Azure AD Register Device or Azure AD Join Device.
Step 5: In this article we are discussing the Azure AD Joined option, so let's click the "Join the device to Azure Active Directory" link.
Step 6: The next window asks for your organization user ID. In our case the mail ID is 'Uday@manasmoharanagmail.onmicrosoft.com'. Enter it and click the Next button.
Step 7: As shown in the following figure, we need to provide the password to proceed with the configuration and click Next.
Step 8: After we provide the credentials, the device connects to the organization's Azure Active Directory to validate the directory's Device settings. In Step 2, we verified that all users can join devices. Once validation succeeds, it asks whether we want to join the device to Azure AD. Click the Join button to proceed with the configuration, as shown in the following figure.
Step 9: Now we are almost done on our side. If everything goes well, we get a confirmation message, as shown in the following figure. Read the message carefully, because it describes what we need to do after this step, and click the Done button to close the window.
Step 10: As described in the above message, to complete the configuration we should restart our computer. It should now allow us to log in with our organization's credentials (Uday@manasmoharanagmail.onmicrosoft.com).
Step 11: So far so good. We will now check whether the device joined successfully. First, let's check on our Windows 10 device, using the same command prompt as in our initial step, with the dsregcmd /status command.
As you can see in the above figure, this time the value of AzureADJoined = Yes. We can also see the device details, including the device ID, in the Azure portal. As shown in the following figure, there is now a connected device under the Connect button, which was not there before we joined the device.
Step 12: Let's check in the Azure portal. As shown in the above figure, there is now one joined device; its name matches our host name "MyDeviceToJoin" and the owner is Uday Joshi.
The above figure shows the details of the device in the Azure portal. It is the same information that we saw in the command prompt of the joined device.
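The before/after check from Step 1 and Step 11 can be scripted rather than read off a screenshot. The following is an added example, not part of the original article: the function names are hypothetical, the sample text is constructed and abridged, and it assumes TenantName reports the directory name used in this walkthrough.

```powershell
function ConvertFrom-DsRegStatus {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)
    $state = [ordered]@{}
    foreach ($line in $Lines) {
        # Data lines look like "   AzureAdJoined : YES"; banner lines have no " : ".
        if ($line -match '^\s*(\S.*?)\s+:\s+(.*\S)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-DeviceJoin {
    param(
        [Parameter(Mandatory)][System.Collections.IDictionary]$State,
        [Parameter(Mandatory)][string]$ExpectedTenantName
    )
    $problems = @()
    if ($State['AzureAdJoined'] -ne 'YES') {
        $problems += "AzureAdJoined is '$($State['AzureAdJoined'])', expected YES"
    }
    if ($State['TenantName'] -ne $ExpectedTenantName) {
        $problems += "TenantName is '$($State['TenantName'])', expected '$ExpectedTenantName'"
    }
    [pscustomobject]@{
        Joined   = ($problems.Count -eq 0)   # true only if joined to the intended tenant
        DeviceId = $State['DeviceId']        # compare with the device ID shown in the portal
        Problems = $problems
    }
}

# Constructed, abridged sample of `dsregcmd /status` output (placeholder DeviceId).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
              DomainJoined : NO
                  DeviceId : 00000000-0000-0000-0000-000000000000
                TenantName : Default Directory
'@ -split "`r?`n"

Test-DeviceJoin -State (ConvertFrom-DsRegStatus -Lines $sample) -ExpectedTenantName 'Default Directory'
# On a real device: ConvertFrom-DsRegStatus -Lines (dsregcmd /status)
```

Checking the tenant name as well as the join flag catches a device that was joined to a different directory than the one intended.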
- The process to join Azure AD may look different depending on the Windows 10 version.
- We should make sure that we have an internet connection while joining the computer to Azure AD.
As I am exploring Azure Identity and Access Management (IAM), please let me know if I missed anything important. In my next article we will continue with one more feature of Azure IAM.
Keep reading, and share your thoughts and experiences. Feel free to contact us to discuss more.
If you have any suggestions, feedback, or doubts, you are most welcome. Stay tuned to Knowledge-Junction; we will come up with more such articles.
Thanks for reading 🙂