Are there Error logs when disconnecting from Azure AD

Anonymous
2023-06-17T06:24:21.6266667+00:00

Hi team, are there Error logs when disconnecting from Azure AD? If so, where can I have a look at logs for devices that cannot be disconnected? Many thanks in advance. J

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Akshay-MSFT 17,956 Reputation points Microsoft Employee Moderator
    2023-06-20T10:27:51.6033333+00:00

    @Anonymous From your query above I could understand that you are looking for logs to review with Azure AD join/leave events.

    Please do let me know if this is not the case by responding in the comments section.

    • Retrieve the join status by running "dsregcmd /status" in admin CMD

    DomainJoined: YES
    This field indicates whether the device is joined to an on-premises Active Directory. If the value is NO, the device can't do hybrid Azure AD-join.

    WorkplaceJoined: NO
    This field indicates whether the device is registered with Azure AD as a personal device (marked as Workplace Joined). This value should be NO for a domain-joined computer that's also hybrid Azure AD-joined. If the value is YES, a work or school account was added before the completion of the hybrid Azure AD-join. In this case, the account is ignored when you're using Windows 10 version 1607 or later.

    AzureAdJoined: YES
    This field indicates whether the device is joined. The value will be YES if the device is either an Azure AD-joined device or a hybrid Azure AD-joined device. If the value is NO, the join to Azure AD hasn't finished yet.

    • In Event Viewer, open Applications and Services Log > Microsoft > Windows > User Device Registration.
    • Applications and Services Log > Microsoft > Windows > AAD
    • For any actions taken from AAD kindly use Azure AD audit logs:

    • Audit Activities using the Graph API: https://graph.windows.net/<tenantdomain>/activities/auditActivityTypesV2?api-version=beta

    To unjoin the device from Azure AD kindly follow:

    • Unjoin an Azure AD joined device locally on the device: Settings > Accounts > Access Work or School. Select your account and select Disconnect and Reboot.
    • For hybrid Azure AD joined devices, make sure to turn off automatic registration in AD using the Controlled validation article. Open a command prompt as an administrator and enter dsregcmd.exe /debug /leave. Or run this command as a script across several devices to unjoin in bulk.

    Please do let me know if you have any further queries by responding in the comments section.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.

    1 person found this answer helpful.
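
The local checks described in the accepted answer, as an added PowerShell example that is not part of the original post or Microsoft's own code: it reads the three join-state fields from `dsregcmd /status` and lists error and warning events from the two event logs the answer names. The full channel names and the 7-day look-back window are assumptions; confirm the channels on the device with `Get-WinEvent -ListLog *AAD*,*Registration*`.

```powershell
# Added example: join state plus recent registration errors on one device.
# Run in an elevated PowerShell session on the affected device.
param([int]$Days = 7)   # look-back window in days (assumed default)

# 1. Join state: parse the "Name : Value" lines printed by dsregcmd /status.
$state = @{}
foreach ($line in (dsregcmd.exe /status)) {
    if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(\S+)') {
        $state[$Matches[1]] = $Matches[2]
    }
}
New-Object psobject -Property $state | Format-List

# 2. Errors (Level 2) and warnings (Level 3) from the logs named in the answer.
#    Channel names below are assumed; adjust if -ListLog shows different ones.
$logs = 'Microsoft-Windows-User Device Registration/Admin',
        'Microsoft-Windows-AAD/Operational'
$since = (Get-Date).AddDays(-$Days)

$events = foreach ($log in $logs) {
    # SilentlyContinue: a log with no matching events raises a non-terminating error.
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3; StartTime = $since } `
                 -ErrorAction SilentlyContinue
}

if (-not $events) {
    Write-Output "No errors or warnings in the last $Days day(s)."
    return
}

# 3. One line per event, oldest first, showing only the first line of each message.
$events | Sort-Object TimeCreated |
    Select-Object TimeCreated, LogName, Id, LevelDisplayName,
        @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

Running it immediately after a failed `dsregcmd.exe /debug /leave` puts the leave attempt's events at the bottom of the table.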
