Add my Machine to Azure AD out of the box

If you are setting up a new machine and you have Office 365, Azure AD, Intune or CRM why not Azure AD join it and get all the benefits!?

8 - Azure AD Enrollment — or who manages your PC?

6 - Azure AD Enrollment — Supports ADFS ofcourse

11 - Azure AD Enrollment — notice here who Printer, Network Drives and WiFi settings have been pushed!

Here is the whole thing in a Sway:

haukeberg

I enjoy computer gaming, zombie movies and mindless action scenes.

Author archive Author website

May 18, 2016

Coding without code, Enterprise Mobility Suite, Windows

Azure AD, Azure AD Join

4 thoughts on “Add my Machine to Azure AD out of the box”

Add yours

alexlondon79
June 22, 2016 at 1:11 pm

Reply

Is there a way to do this without associating the device with the administrator account?

It would be nice to be able to pre-provision devices to join Azure AD, but then be assigned to certain users or groups.

LikeLike

Reply
- haukeberg
  June 22, 2016 at 6:32 pm
  
  Reply
  
  No, not at this time. The first user that logs on to the device will be administrator.
  If you want to pre-provision users you have to use domain join.
  
  Azure AD Join is not meant for BYOD devices where the user is adept enough to be an admin.
  
  If you need to demote users from admin to users it probably means that your users are not ready for BYOD.
  
  LikeLike
  
  Reply
  - alexlondon79
    June 22, 2016 at 8:44 pm
    
    Thanks for your reply.
    
    Do you know if this functionality is going to change/improve in the near future?
    
    Is the assumption that Azure AD will only be used with BYOD?
    
    Also there is an inconsistency in the user experience, if you are the first user to Azure AD join the device, you have Admin rights, if you are a subsequent user, then you have standard access.
    
    Wouldn’t it make sense to either give all Azure AD users administrator rights, or give all Azure AD users standard access. It seems that the solution that exists is a mix of two different approaches.
    
    LikeLike
  - haukeberg
    June 22, 2016 at 11:12 pm
    
    You are right Azure AD join is targeted for BYOD and capable Information Workers.
    Self Service > Automation
    It’s expected that the user does things for himself.
    
    You can add additional “support/service” admins to any Azure AD Joined Machine. You do that in the azure console here: http://manage.windowsazure.com
    
    Since its your BYOD device, all other “roaming” users that log on to that machine will be standard users. Hence Azure AD join is not a good alternative for Roaming users on few devices. E.g. a classroom.
    If you need other admins you can Inject admins ad-hoc in the management console, link above.
    
    LikeLike

Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V

Add my Machine to Azure AD out of the box

haukeberg

4 thoughts on “Add my Machine to Azure AD out of the box”

Add yours

Leave a Reply Cancel reply

Howie Tweets

Follow Blog via Email

Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V

Add my Machine to Azure AD out of the box

Nyttig? Vis det til flere!

Like this:

haukeberg

4 thoughts on “Add my Machine to Azure AD out of the box”

Add yours

Leave a Reply Cancel reply

Howie Tweets

Follow Blog via Email