Configuring Microsoft Entra Join
With Microsoft Entra Join, you can join devices directly to Microsoft Entra without the need to join your on-premises Active Directory in a hybrid environment. While Microsoft Entra hybrid join with an on-premises Active Directory might still be preferred for some scenarios, Microsoft Entra Join simplifies the process of adding devices and modernizes device management for your organization. This can result in the reduction of device-related IT costs.
Your users may have access to corporate assets through their devices. To protect these corporate assets, you want to control these devices. This allows your administrators to ensure that your users are accessing resources from devices that meet your standards for security and compliance.
Microsoft Entra Join is a good solution when you want to manage devices with a cloud device management solution, when you want to modernize your application infrastructure, when you want to simplify device provisioning for geographically distributed users, and when your company adopts Microsoft 365 as the productivity suite for your users.
Microsoft Entra Join Methods
Microsoft Entra Join can be employed through any of the following methods:
- Bulk deployment: This method is used to join large numbers of new Windows devices to Microsoft Entra and Microsoft Intune.
- Windows Autopilot: This is a collection of technologies used to preconfigure Windows 10 and later devices so that the devices are ready for productive use. Autopilot can also be used to reset, repurpose, and recover devices.
- Self-service experience: This is also referred to as a first-run experience, which is mainly used to join a new device to Microsoft Entra.
Microsoft Entra Join Management
When it comes to joining devices to Entra ID, there are two main ways of managing them:
- MDM only: This is when the device is managed exclusively by an MDM provider such as Intune.
- Co-management: This is when the device is managed by an MDM provider and Microsoft Configuration Manager.
Microsoft Entra Join Scenarios
When joining a Windows 10 device to Microsoft Entra, there are two scenarios that you need to look at:
- Joining a new Windows 10 or later device via the Out-of-Box Experience (OOBE)
- Joining an already configured Windows 10 or later device to Microsoft Entra
Now that you understand what Microsoft Entra Join is and does, we will take a look at how to configure it.
Configuring Microsoft Entra Join
To follow this exercise, you will require either a virtual machine or a physical machine that has Windows 10 Pro installed and access to the internet.
You will now join an existing Windows 10 device to Microsoft Entra, as follows:
- On the Windows 10 device, search for Settings and open Accounts.
- Select Access work or school, and then click Connect:
Figure 2.23: The Windows 10 settings menu to add and connect a device
- Enter the email address of the account you are setting up, and then click on Join this device to Microsoft Entra ID.
Figure 2.24: Selecting Join this Device to Microsoft Entra ID
- On the Sign in window that pops up, enter your user principal name (UPN) (usually the email address of the user account you created earlier in the chapter). For this exercise, use the demouser1 account created previously. Click Next.
Figure 2.25: Signing into Microsoft Entra
- You will be asked to confirm whether the organization you are joining and the details entered are correct, as per the following screenshot. If so, click Join.
Figure 2.26: Confirming your organization details
- You will now be joined and momentarily presented with a success screen. Click Done.
Figure 2.27: A confirmation message for Microsoft Entra Join
- When you navigate back to the Access work or school settings window, you will see that you are now joined to your organization. This will show something similar to the following screenshot with the connected organization. Note that the Entra ID wording will soon change to reflect Microsoft Entra.
Figure 2.28: Your connected organization on Microsoft Entra
- Finally, navigate to the Azure portal and the Devices blade for Microsoft Entra ID. Select All devices from the left menu, and you will then see your newly joined device appear:
Figure 2.29: Displaying the recently joined Windows 10 devices
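The join can also be confirmed on the device itself. The following is an added example, not part of the original text: it parses the report printed by dsregcmd /status and classifies the device as Microsoft Entra joined, hybrid joined, or registered. Get-JoinState is a hypothetical helper name, and the sample report is constructed with placeholder tenant and device values.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` text.
function Get-JoinState {
    param([string[]]$StatusLines)

    # Collect every "Name : Value" line of the report into a lookup table.
    # Banner lines ("+----+", "| Device State |") do not match and are skipped.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $entra  = $fields['AzureAdJoined']   -eq 'YES'
    $domain = $fields['DomainJoined']    -eq 'YES'
    $wpj    = $fields['WorkplaceJoined'] -eq 'YES'

    # Entra + on-premises domain = hybrid; Entra alone = the join done above.
    if     ($entra -and $domain) { $state = 'Microsoft Entra hybrid joined' }
    elseif ($entra)              { $state = 'Microsoft Entra joined' }
    elseif ($wpj)                { $state = 'Microsoft Entra registered' }
    elseif ($domain)             { $state = 'On-premises domain joined only' }
    else                         { $state = 'Not joined' }

    [pscustomobject]@{
        State      = $state
        TenantName = $fields['TenantName']
        DeviceId   = $fields['DeviceId']
        HasPrt     = $fields['AzureAdPrt'] -eq 'YES'   # primary refresh token issued
    }
}

# Constructed sample report (placeholder tenant name and device ID).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                  DeviceId : 00000000-0000-0000-0000-000000000000
                TenantName : Contoso-Placeholder
                AzureAdPrt : YES
'@ -split "`r?`n"

Get-JoinState -StatusLines $sample
# On a joined device, pass the live report instead:
# Get-JoinState -StatusLines (dsregcmd /status)
```

The AzureAdPrt field is only reported when the command runs in the signed-in user's session, so HasPrt reads False from a SYSTEM or elevated service context even on a healthy device.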
That brings an end to this section. You have learned what Microsoft Entra Join is and the methods used to enroll devices, and you have also walked through the steps to manually join a Windows 10 device to Microsoft Entra.
Note
You are encouraged to read further by using the following links, which will provide additional information about Microsoft Entra Join, Windows Autopilot, and bulk device enrollment:
https://learn.microsoft.com/en-us/entra/identity/devices/concept-directory-join
https://learn.microsoft.com/en-us/autopilot/windows-autopilot
https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-bulk-enroll
https://learn.microsoft.com/en-us/entra/identity/devices/device-join-out-of-box
Next, we will look at what bulk operations are and how to perform them.