Connect windows 10 home to azure ad free. How to setup and log in Windows 10 to Azure AD

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Tags : Azure AD , Windows Leave a comment How to join a Windows 10 computer to your Azure Active Directory. We will start by showing you how to join an Azure AD when you install Windows 10 for the first time. This guide is based on Windows 10 Pro, version Start the Windows 10 installation as usual. Choose Set up for an organization. Open Settings, go to Accounts and Access work or school and press Connect.

Press Join this device to Azure Active Directory. Enter your mail address and press Next, on next screen you have to enter your password. Once you are done with the wizard you should restart your computer.

It should now work to logon with your company credentials. The Azure administrator have to accept that users can join their devices to the Azure AD. The process to join Azure AD may look different depending on your Windows 10 version. Make sure you have an internet connection while joining the computer to Azure AD. Byty You can start from here. Windows Login Problems. Struggling to login into Windows 10? Do you use an email address to login?

They are multiple way to authenticate to Windows at the Windows logins screen but only one may work or contain your profile data. Email address, local user account, and domain account are the methods for authentication.

Click the link above to see which method works for you. Azure Active Directory is the gateway into Intune. Follow this guide to get more context as to why Mobile Device Management is more important now than ever. Then learn how to join devices to Azure AD and how Intune sometimes is added at the same time. Get acquainted with the subscription licensing structure. PS — Office in most cases will be rebranded as Microsoft after April Best practice setup of network environment.

What is Azure AD? At the heart of Azure AD, it is nothing more than an identification management service. A free Azure Active Directory subscription comes default with Office or now known as one many suite of options in the Microsoft line of products. The free version does not include the Sign-ins activity report. Important note Some more advanced features may specifically require Windows Server When available, this document will be updated in accordance to reflect such dependencies.

As of this writing, Windows Server is a prerelease software. You can start investigating Windows Server Technical Preview 4. Important note Individual virtual machines VMs are needed to separate the services provided on the network and to clearly show the desired functionality.

This being said, the suggested configuration to later evaluate the “Azure AD Join” is neither designed to reflect best practices nor does it reflect a desired or recommended configuration for a production network. The configuration, including IP addresses and all other configuration parameters, is designed only to work on a separate test lab networking environment. Any modifications that you make to the configuration details provided in the rest of this document may affect or limit your chances of successfully setting up the on-premises collaboration environment that will serve as the basis for the previously outlined scenarios.

Microsoft has successfully built the suggested environment with Azure IaaS, and Windows Server R2 virtual machines. Once completed the aforementioned whitepaper’s walkthrough, you’ll have in place an environment with a federated domain in the Azure AD tenant e.

You will have to choose in lieu of a domain name of your choice whose DNS domain name is currently not in used on the Internet. For checking purpose, you can for instance use the domain search capability provided by several popular domain name registrars. Note Windows Server R2 offers businesses and hosting providers a scalable, dynamic, and multitenant-aware infrastructure that is optimized for the cloud.

These VMs will enable you to create snapshots so that you can easily return to a desired configuration for further learning and experimentation. For the sake of simplicity, the same password ” pass word1 ” is used throughout the configuration. This is neither mandatory nor recommended in a real world scenario. The base configuration should now be completed at this stage if you’ve followed the whitepaper’s walkthrough.

You are now in a position to notably configure the Azure AD Join capability with federated identities thanks on your on-premises test lab environment. Windows 10 Home isn’t able to join a domain. Important note The above does not mean that Pro and Enterprise cannot join a traditional WSAD domain on-premises in the traditional manner. During the out-of-box experience OOBE illustrated later in this document, you can bypass Azure AD Join, create a local account, and join your device in the traditional manner.

Important note As stated on the page, you will need Windows product key. For information about product keys and when they are required, see Frequently Asked Questions. Note For additional information, see Installing Windows 10 using the media creation tool. To ease the evaluation of the various user experiences, we advise building an individual virtual machine VM with the technology of your choice. For that purpose, this document will leverage the Hyper-V virtualization technology as available in Windows and Windows Server products, and more specifically Client Hyper-V.

Note The Windows 8. But instead of working directly with the computer’s hardware, the operating systems run inside a VM. Client Hyper-V is the same computer virtualization technology that was previously available in Windows Server. In Windows 8. For the sake of brevity, we do not illustrate how to create such a virtual machine via the ISO file download in the previous step. This walkthrough provides instructions for testing the new capabilities provided for corporate owned devices for joining Azure AD.

As already noticed, joining a Windows 10 device to Azure AD allows you to simplify Windows deployment and access to your organizational apps and resources from that corporate owned device. This represents a new way to configure and deploy corporate owned Windows devices. For that reasons, and as previously covered, two models are provided to organizations:.

Please ensure that all the prerequisites mentioned earlier in section Building a test lab environment are fulfilled at this stage. Indeed, whilst the former model only supposes that you’ve provisioned your Azure AD test tenant — unless you’d like to conduct some testing with a federated identity -, the latter requires and leverages the optional “on-premises” test lab environment deployed in Azure as per section entitled Building an on-premises test lab environment Optional.

Before considering these two models, let’s start by configuring the common settings for the Azure AD test tenant. As stated in the previous section, enabling multi-factor authentication for the Azure AD Device Registration Service requires a prior configuration of the related solution. Beyond the above links to the relevant documentation, this document doesn’t further illustrate the related configuration. For the sake of brevity, we do not illustrate this optional feature in the “Azure AD Join” process.

By default, Mobile Device Management for Office is not activated when you sign up for your Office account. To activate and setup Mobile Device Management for Office , proceed with the following steps:.

Note For additional information, see the Microsoft TechNet article Create and deploy device security policies. This is the case in the suggested test lab environment if you’ve decided not to implement the optional steps outlined in section Building an on-premises test lab environment Optional.

In this case, you only have the default domain e. Otherwise, if you’ve rather opted to configure the equivalent of the vanity domain litware If you’ve added the records already, you’re all set.

After you add these records in your domain registrar, users in your organization who sign in on their device with an email address that uses your custom domain can register to your Azure AD tenant and then be redirected to enroll in Mobile Device Management for Office Our new user kellys litware You can copy and paste the password from here or email it to the user.

Note Passwords emailed from this screen are sent as clear text and may not be secure. In a production environment, encourage the user to change their password as soon as possible. If this is the first time you have used the account, you will be prompted to change your password. If you’d like to optionally configure a multi-factor authentication, you’ll have to allow the users to prove who they say they are when performing the “Azure AD Join” process. If so, proceed with the following additional optional steps:.

Your Azure AD tenant along with additional services are now configured at this stage. This allows a user to join their Windows 10 device to Azure AD. This section provides instructions for configuring and testing the “Azure AD Join” model for corporate owned devices. As Windows authenticates to Azure AD in the cloud, one should note that this model works with both cloud and federated identities.

As far as the latter is concerned, it requires and leverages the optional “on-premises” test lab environment deployed in Azure as per section Building an on-premises test lab environment Optional.

In this case, the authentication is delegated to the on-premises identity infrastructure. The next sections guide you through these two scenarios and their pre-requisites if any and describe in the context of our test lab environment each of these related steps.

This section will take what you’ve learned and configured so far and build upon it by demonstrating how you can join a Windows 10 device to your corporate owned Azure AD tenant. As you will see, this brings significant flexibility and cost savings to the deployment process within the organization. End-users will be able to automatically Azure AD join during the initial startup experience, i. The experience will be slightly different for both.

See later in this section. This section requires a new installation of Windows 10 so you can walk through the out-of-box experience OOBE. Note Based on the image you may have built as part of the setup of the test lab environment, you can manage the various installations suggested in this document by leveraging for instance the checkpoints features of the Client Hyper-V environment on your local Windows machine.

A sign-in to the Azure AD tenant will automatically authenticate cloud users. With all the above in mind, let’s walk through the out of box experience OOBE. Proceed with the following steps:. The above two options and depending upon your choice will determine what resources you can access:. The above two options and depending upon your choice will determine how to connect Windows 10 to your organization:. Note This would be a good place to create a checkpoint of your virtual machine in the event you make a mistake or would like to see what a mistake looks like.

Note If the organization specifies a custom Terms of Use, the user will need to consent to continue through enrollment.

Note Some organizations may choose to download apps and policy as part of the “Azure AD Join” process, once the device is enrolled in the MDM solution, and as per solution features. We illustrate here the latter one. You can off course select the one that is the most appropriated in your own context. Note The Azure Authenticator allows you to secure your account with two-step verification.

With two-step verification, you sign in using something you know your password and something you have your mobile device. For additional information on Azure Authenticator app, see the blog post Try the new Azure Authenticator application! Note Microsoft Passport, formerly called Next Generation Credentials or NGC constitutes a long-term initiative for Microsoft to aid in securing credentials making Windows 10 the most secure Windows Microsoft have shipped.

Microsoft Passport is specifically to remove the need to enter user name and passwords for all compliant websites, applications, and resources. For that purpose, Microsoft Passport seeks to change the raw user credential from a symmetric, memorized secret to an asymmetric, hardware TPM 1. Unlocking this key with a gesture will provide users access to resources without using passwords.

For the IT professional, Microsoft Passport means an ability to get strong authentication guarantees similar to virtual smart cards from both corporate-owned and personal, a. BYOD devices, with a significantly reduced deployment and management burden. Microsoft Passport adds the ability to manage various aspects of this, such as PIN complexity and reset. From a technology perspective, Microsoft Passport is a container of keys.

The keys and container are managed as securely as the platform permits, which means hardware-bound where possible. Each key requires authentication at key-specific intervals ranging from per transaction to once every set amount of time. Note For additional information, see the blog post Azure Active Directory and Windows Bringing the cloud to enterprise desktops! The main difference with the previous section lays in the fact that a sign-in to the Azure AD tenant will automatically authenticate federated users with their on-premises corporate identity infrastructure.

For this to work with our on-premises test lab environment, the computer will need the following:. Important note Administrator have the ability to require a multi-factor authentication MFA of the end-users during a device registration process such the “Azure AD Join” or the “Add a work account to Windows” Workplace Join.

There are separate policies for allowing users to perform “Azure AD Join” or “Add a work account to Windows” but the MFA policy is global for all device registration processes.

When this flag is set to true, a second factor authentication — in addition to the password – is expected to be performed by the organization’s identity infrastructure on-premises. Conversely, if the flag is set to false then the second factor authentication is rather expected to be performed by Azure MFA service. Likewise, if the flag is not set, it is assumed to be false. This is because the on-premises multi-factor authentication server is attempted to be used rather than the Azure MFA service.

In our optional configuration for the test lab environment, the AD FS sign-in page is then displayed after a successful redirection. If the user doesn’t have network connectivity during OOBE, and wants to join the corporate owned device to Azure AD once a network is available, the user can leverage the system Settings.

 
 

Add computer to Azure AD step by step – Microsoft Q&A.Azure AD & Windows Better Together for Work or School

 
replace.me › Microsoft › Azure. The easiest way to accomplish it is to disconnect it from any network, then apply Microsoft’s generic W10 Pro key ” VK7JG-NPHTM-C97JM-9MPGT-.

 

Connect windows 10 home to azure ad free. How to join a Windows 10 computer to your Azure Active Directory

 
replace.me › Microsoft › Azure. The easiest way to accomplish it is to disconnect it from any network, then apply Microsoft’s generic W10 Pro key ” VK7JG-NPHTM-C97JM-9MPGT-.