In this post, we’ll see how we can join a Windows 10 device to Azure AD.
We configured the prerequisites, such as Automatic MDM enrollment and CNAME validation, in earlier posts.
Existing setup done:
- Two Local users created
- Azure AD Connect configured
- Seamless Single Sign-On (IE) configured
- Seamless Single Sign-On (Firefox) configured
- Hybrid Azure AD Join configured
- Intune enrollment – Domain Joined Windows 10 devices
- SkyDC: Machine with ADDS, DNS, DHCP role
- SkyCON: Machine where we will install Azure AD Connect
- SkyCM: Machine with Configuration Manager Current Branch
- SkyTEN1: Domain Joined Windows 10 machine
- SkyTEN2: Domain Joined Windows 10 machine
- SkyTEN3i: Domain Joined Windows 10 machine (to be Intune Managed)
- SkyTEN4i: Domain Joined Windows 10 machine (to be Intune Managed)
Perform a fresh install of Windows 10 1903 and follow the setup wizard:
Select your region and click Yes.
Select the keyboard layout and click Yes.
If you want to add a second keyboard layout, click Add layout; otherwise click Skip.
Select Set up for an organization and click Next.
Enter your Organization ID and click Next. I have used one of the on-premises user IDs.
Enter password and click Next.
Select the appropriate option.
Select the appropriate option and click Accept.
Windows Hello for Business provisioning starts by default. Click Set up PIN.
MFA had not been used with this account before, so it was not registered; the wizard lets you register MFA for the account. If MFA is already registered for this account, it will be triggered.
Enter your contact number and click Next.
Enter the verification code you receive on your mobile device and click Verify.
Enter the PIN and click OK.
Right-click the Windows icon and click System. Scroll down until you reach Device specifications.
Click Rename this PC to rename it.
Repeat these steps for every device that you want to Azure AD join.
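
To confirm the result of the steps above, the join state can be read from `dsregcmd /status`. The script below is an added example, not part of the original post: the function names `Get-DsregState` and `Test-AzureAdJoin` and the sample output are constructed for illustration, and the expected values assume the setup described here (Azure AD join rather than hybrid join, automatic MDM enrollment, Windows Hello PIN set).

```powershell
# Added example: parse "dsregcmd /status" and check what this walkthrough should produce.
function Get-DsregState {
    # With no -Lines argument, reads live output from the local device.
    param([string[]]$Lines = (dsregcmd.exe /status))
    $state = @{}
    foreach ($line in $Lines) {
        # Fields print as "  Name : Value"; match the first colon only (URLs contain colons).
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

function Test-AzureAdJoin {
    param([hashtable]$State)
    $findings = @()
    if ($State['AzureAdJoined'] -ne 'YES') { $findings += 'Device is not Azure AD joined' }
    if ($State['DomainJoined'] -eq 'YES')  { $findings += 'Device is domain joined (hybrid), not Azure AD joined only' }
    if (-not $State['MdmUrl'])             { $findings += 'No MdmUrl: automatic MDM enrollment is not scoped to this user' }
    # NgcSet and AzureAdPrt are per-user: run as the signed-in Azure AD user.
    if ($State['NgcSet'] -ne 'YES')        { $findings += 'Windows Hello for Business PIN not provisioned' }
    if ($State['AzureAdPrt'] -ne 'YES')    { $findings += 'No primary refresh token for this user' }
    $findings
}

# Constructed sample output (placeholder tenant and MDM URL), so the script runs offline.
$sample = @'
 AzureAdJoined : YES
 DomainJoined : NO
 TenantName : Example Tenant (constructed)
 MdmUrl : https://mdm.example.invalid/enrollmentserver/discovery.svc
 NgcSet : YES
 AzureAdPrt : YES
'@ -split "`r?`n"

$problems = @(Test-AzureAdJoin -State (Get-DsregState -Lines $sample))
if ($problems.Count -eq 0) { 'Join state matches the expected Azure AD join' } else { $problems }

# On a joined device, check the live state instead:
#   Test-AzureAdJoin -State (Get-DsregState)
```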