KB ID 0001596
Problem
With more people looking at Microsoft 365 (as opposed to Office 365), then the amount of people who want to Join Azure AD with their Windows machines is only going to go up. This is how to join your Windows and BYOD client devices to Azure AD.
There are essentially 3 WAYS to Join Azure AD.
- Azure AD Join: Used for corporate assets. Windows Only! (Can be managed by Intune) Users log in with their Azure AD account only.
- Azure AD Registration: Used for BYOD devices Windows/macOS/Android etc. (Can be managed by Intune). Users log in with their local credentials.
- Hybrid Azure AD Join: Used for corporate assets you want to manage with GPO (or SCCM). Windows Only. These assets will be in a local (traditional on-premises domain).-WARNING: These devices require periodic sight of your on-premises AD, (or they become unusable). The Local domain needs to be connected to Azure AD with an Azure AD Connector.
Solution
Join Azure AD: Azure AD Join
Start > Settings > Accounts..
Access Work or School > Connect.
STOP! If you put your credentials in here you will Not join the machine to Azure AD you will perform an Azure Workplace Join (or be Azure Registered) that’s NOT WAHT WE WANT > Select “Join This Device to Azure Active Directory‘.
Enter your Azure AD/Office 365 Credentials > Next.
Join.
Done.
The machine will now show that it’s connected to.Azure AD
Note: The login screen now changes to ‘Sign in to: Your Work or School account‘.
Join Azure AD: Azure AD Register
Start > Settings > Accounts..
Access Work or School > Connect.
Enter your O365/M365/Azure credentials
Then after authenticating you ‘should’ see this.
How To Leave / Disconnect From Azure AD
Same place as above, select the connection and simply click ‘Disconnect‘.
Join Azure AD: How To Hybrid Join Azure AD
To Hybrid Azure AD join your machines to Azure AD, (this means they will already be in you local (traditional on-premises) domain, and then ‘additionally’ joined to Azure AD also. So your local domain needs to be syncing to Azure AD with Azure AD Connect. And you machines need to be Windows 10 (or Windows 8 with some additional requirements!)
You configure Hybrid Azure AD Join on the Azure AD Connector, like so;
Locate Your Azure AD Connect Server
Launching Azure AD from the Azure AD connect icon, will pause replication and allow you to make changes, locate ‘Configure Device Options’
Next >authenticate to Azure > Next.
Device Options > Configure Hybrid Azure AD Join > Next.
Next > Select Windows 10 (unless you have Windows 8 then theres some other hoops you have to jump though for that though) > Next
Tick you local domain > Edit >Authenticate to AD (with an Enterprise Admin account) > Next.
Exit.
Now, be patient and wait it can take a while for your devices to start appearing in Azure, when they do that will look like this;
12/10/2021
There is a tool to migrate local user (documents, desktop ecc…) after have joined AAD (365)?
Thanks
Or must copy manually?
13/10/2021
Migrate them where? your only storage would be OneDrive, or Sharepoint or CIFS?
20/07/2022
If you are looking to move a local profile to a domain joined one, check out ProfWiz from ForensiT. It’s a free tool that will do what you are looking for.