Months ago I wrote a blog about Azure AD Join.
Let’s have a look at what the user experience is.
I get a lot of questions about why a company should do Azure AD Join. Azure AD Join is typically a solution in CYOD or road warrior scenarios where you want to give your users the best experience.
Azure AD Join is all about Single Sign-On, so let’s have a look.
The user logs in to the machine with his AD password. From then on he has SSO to his resources that are powered by Azure AD.
User logs in with his AD Password
The machine is still a WORKGROUP machine
The user goes to “myapps.microsoft.com” without entering any password and can click the tiles to open the app of his choice, again without entering any password.
When opening the Store, SSO kicks in again: his Company tab is visible and the user can see which apps are available to him for installation.
Thanks to Azure AD Join, the machine is automatically enrolled into Intune, so it is managed as a mobile device.
As this is a hybrid environment, the PC also appears in Configuration Manager.
OMA-DM is your key to advanced MDM when you cannot find a specific setting in the UI; think of patch management through the MDM channel, for instance.
This was a big challenge for non-domain-joined Windows 8.1 tablets, for instance.
More info about OMA-DM in Windows 10 can be found here:
Other, more general MDM policies come in as well, for instance to require a PIN (multi-factor authentication).
Azure AD Join is a solution for people who don’t come into the office often. These kinds of users typically have issues with the user experience, and the administrator has challenges managing their devices. With Azure AD Join and Intune you have an answer to these challenges.
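As an added example (not from the original post), here is a small PowerShell check an administrator can run on a device to confirm the state described above: Azure AD joined, still not domain joined (a WORKGROUP machine), and auto-enrolled into MDM. It assumes Windows 10 with dsregcmd.exe available and parses the "Key : Value" lines of `dsregcmd /status`; the sample output at the bottom is constructed so the functions can be exercised without a joined device.

```powershell
# Added example: verify Azure AD Join and MDM enrollment state from `dsregcmd /status`.
# Assumption: Windows 10 with dsregcmd.exe; output uses "Key : Value" lines with the
# fields AzureAdJoined, DomainJoined and MdmUrl.

function Get-DsregStatus {
    param(
        # Optional pre-captured output (e.g. from a collected support bundle).
        [string[]]$Lines = (& dsregcmd.exe /status)
    )
    $state = @{}
    foreach ($line in $Lines) {
        # Lines look like "      AzureAdJoined : YES"; banner lines have no colon and are skipped.
        if ($line -match '^\s*(\S+)\s*:\s*(.*?)\s*$') {
            $state[$matches[1]] = $matches[2]
        }
    }
    return $state
}

function Test-AzureAdJoinState {
    param([hashtable]$State)
    $result = [ordered]@{
        AzureAdJoined = ($State['AzureAdJoined'] -eq 'YES')
        # A pure Azure AD joined device stays a WORKGROUP machine, so this should be False.
        DomainJoined  = ($State['DomainJoined'] -eq 'YES')
        # Automatic Intune enrollment shows up as a populated MdmUrl.
        MdmEnrolled   = -not [string]::IsNullOrWhiteSpace($State['MdmUrl'])
    }
    # Expected state for the scenario in the post: joined, not domain joined, MDM enrolled.
    $result.Expected = $result.AzureAdJoined -and -not $result.DomainJoined -and $result.MdmEnrolled
    return [pscustomobject]$result
}

# Constructed sample output (placeholder MdmUrl), not captured from a real device.
$sample = @(
    '| Device State                                                         |',
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : NO',
    '| Tenant Details                                                       |',
    '                    MdmUrl : https://mdm.example.com/EnrollmentServer/Discovery.svc'
)
Test-AzureAdJoinState -State (Get-DsregStatus -Lines $sample) | Format-List
```

On a live device, call `Test-AzureAdJoinState -State (Get-DsregStatus)` instead of passing the sample; a result with `Expected : False` points at a join or enrollment that did not complete.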
Till next time!