Azure Identity And Access Management Part 8 – Azure Active Directory – Manage Device Identity 3 – Azure AD Registered
Hello Everybody,
In our article ,we have discussed on, how to configure Azure AD Joined . Today In this article, we will continue with Azure AD Device and discuss how to enroll a personal device using Azure AD Registered.
If you have missed our previous articles on Azure Identity And Access Management (IAM), please check it in following links.
Part 1 – Azure Active Directory – Overview
Part 2 – Azure Active Directory – Enterprise Users
Part 3 – Azure Active Directory – Create Custom Directory Role & Assign Role using Power-Shell
Part 4 – Azure Active Directory – Create Azure AD Extension Attribute Using Power-Shell
Part 5 – Azure Active Directory – Bulk Update of Azure AD User Profile Using PowerShell
Part 6 – Azure Active Directory – Manage Device Identity 1 – Overview
Part 7 – Azure Active Directory – Manage Device Identity 2 – Azure AD Joined
Next Article : Part 9 – Azure Active Directory – Self-Service Password Reset (SSPR)
Azure AD registered :
Azure Active Directory (Azure AD) device registration is the foundation for device-based conditional access scenarios. When a device is registered, Azure AD provides it with an identity that is used to authenticate it when the user signs in. The authenticated device and the device attributes can then be used to enforce conditional access policies for applications.
Users may register their devices with Azure AD. We need to configure this setting to allow following devices to be registered with Azure AD.
- Windows 10
- iOS
- Android
- MacOS
Exercise :
In this exercise we will go through a Lab and will discuss, how to register a Windows 10 device with Azure AD. We have following information with us to proceed with the configuration.
- Window 10 device’s host name :- ” DESKTOP-QB6NADT”
- User Name :- Uday@manasmoharanagmail.onmicrosoft.com
- Azure AD Directory Name :- Default Directory
Note : I have used my Tablet ( with Window 10 OS) as my personal device. it has some issue to take screens shot so I have taken photo of the screen using my Mobile. for that reason, the quality of some photo is not up to the mark.
Step 1 : – In our first step, let’s check few things before adding a device to our Azure AD.
As we can see in the following figure, there is one device already enrolled in Azure AD and the join type is Azure AD Joined. We have configured that device in our Azure AD Joined Lab. To see this information, Log-In to portal => Azure Active directory => Devices.
Now let’s login to our Window 10 device which we want to register and check it’s Host Name in command prompt by using HostName cmdlet as shown in the following figure.
Step 2 :- Before we proceed with the configuration, let’s first verify, whether organization’s Azure Device Settings, allowing users to register devices or not. In the following figure we can see , in my environment, it has a default setting and it allows all user to register their device.
Step 3 : – We are now ready to proceed with registering, our Windows 10 device. Open Settings of our device and go to Accounts as shown in the following figure.
Step 4 : – From left navigation of the window click Access work or school and press + Connect to proceed with the configuration as shown in the following figure.
We can see in the following figure, we have two options to enroll our personal device . We can either go for Azure AD Register Device or Azure AD Join Device.
Step 5 : – In this article we are discussing about Azure AD Registered option. So let’s provide user’s User Id. In our case the User id is ‘ Uday@manasmoharanagmail.onmicrosoft.com ‘ and click Next button.
Step 6 :- As shown in the following figure, we need to provide the password to proceed with the configuration and click Next.
Step 7 :- After providing the credential, it will try to connect to the organization’s Azure active directory to validate the Azure directory’s Device Settings. In Step 2, We had verified that all user can register the device. Once validated, it will show successful register message. Click Done to close the window, as showing in the following figure.
Step 8 : – So Far So Good , we will now check if the device is successfully registered or not . First let’s check in our Window 10 device as shown in the following figure, it enrolled the device for the provided user.
Step 12 :- If we check in Azure Portal, as shown in the following figure, we can now see, there is one registered device and the name is like our host name ” DESKTOP-QB6NADT” and the owner is Uday Joshi and the join type is Azure Ad Registered.
In the following figure, it shows the details of the registered device in azure portal.
As I am exploring the Azure Identity and Access Management (IAM), please let me know if I missed anything important. In my next article we will continue one more feature of Azure IAM . I hope these posts helps you to get some basic ideas on managing Azure Ad Devices.
Next Article : Part 9 – Azure Active Directory – Self-Service Password Reset (SSPR)
Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.
If you have any suggestion / feedback / doubt, you are most welcome. Stay tuned on Knowledge-Junction, will come up with more such articles.
Thanks for reading 🙂 .
good one