The process of joining an Azure Active Directory (AAD), starting with Windows 10 build 1703, has changed.
Why Azure AD Domain Join?
There are a number of benefits of joining AAD so you are able to use your Azure AD / Office 365 login:
- Centralized login credentials, especially nice with multiple devices
- Eliminate Office 365 and Azure-based login prompts when accessing word-based resources (e.g. Single Sign-On or SSO).
- Enterprise-based roaming of user settings across joined devices without the need for a Microsoft Account (e.g. account.microsoft.com).
- Access to Windows Store for Business using the AAD account.
- Doesn’t require a Windows Domain Controller (Windows Active Directory, or WAD) for smaller businesses.
If you are an enterprise (or even a smaller business with local authentication services on Windows AD, you can connect AAD to WAD and automatically link devices via Group Policy to AAD.
This requires allowing devices to join the Azure Active Directory. This is done via the Azure AD Portal. Navigate to Azure Active Directory and Devices, and finally Device settings.
Notice that the setting Users may sync settings and app data across devices is missing. This is because Intune and AAD Premium are not being used.
Without this setting being enabled, on Windows 10, the following will be displayed (Sync is not available for your account. Contact your system administrator to resolve this.) to end users with respect to Syncing your settings (which is available when a Microsoft Account is used).
Azure AD Domain Join
Windows 10 devices can join AAD for centralized authentication and limited management (unless you have an Intune Subscription).
Click on Start and then Settings. Click on Accounts.
Click on Access work or school. Click on Connect.
Click on Join this device to Azure Active Directory link:
Ignore the fact that the title states Microsoft account, which could be confused with a Microsoft Account. This is the right place for using AAD logins.
Enter in your AAD login (email address) and click Next button:
Enter in the password for the account and click Sign in button (noting that your screen will look slightly different, depending on the branding done on the AAD side of things):
Confirm you are joining the right organization and click Join button:
If all goes well, you will receive a confirmation message and can click Done.
You are now connected to the domain AAD (so the account is technically AzureAD\email@example.com using the previous examples).
It is recommended you restart your computer and login with the new login by clicking Other user on the login screen and entering the email address of your AAD login.