Pre-provision Microsoft Entra join: Allow users to join devices to Microsoft Entra ID

Windows Autopilot for pre-provisioned deployment Microsoft Entra join steps:

  • Step 2: Allow users to join devices to Microsoft Entra ID

For an overview of the Windows Autopilot for pre-provisioned deployment Microsoft Entra join workflow, see Windows Autopilot for pre-provisioned deployment Microsoft Entra join overview.

Note

If users are already allowed to join devices to Microsoft Entra ID, skip this step and move on to Step 3: Register devices as Autopilot devices.

Allow users to join devices to Microsoft Entra ID

In order for Windows Autopilot to work, users need to be allowed to join devices to Microsoft Entra ID. Allowing users to join devices to Microsoft Entra ID can be configured in the Azure portal:

  1. Sign in to the Azure portal.

  2. Select Microsoft Entra ID.

  3. In the Overview screen, under Manage in the left hand pane, select Devices.

  4. In the Devices | Overview screen, under Manage in the left hand pane, select Device Settings.

  5. In the Devices | Device settings screen that opens, under Users may join devices to Microsoft Entra, select either All or Selected:

    • If All is selected, all users can join their devices to Microsoft Entra ID.

    • If Some is selected, only users specified under Selected can join their devices to Microsoft Entra ID. To add users:

      1. Select the link under Selected.

      2. In the Members allowed to join devices page that opens:

        1. Select Add.

        2. In the Add members window that opens:

          1. Select the desired users and/or groups to add.

          2. Once all of the desired users and groups are selected, select Select to close the Add members window.

        3. Select OK.

        Note

        Any selected groups must be a Microsoft Entra group that contains user objects.

  6. In the Devices | Overview screen, if any changes were made, select Save.

Note

This step of allowing users to join devices to Microsoft Entra ID is only needed for the Autopilot user-driven Microsoft Entra join and Autopilot for pre-provisioned deployment Microsoft Entra join scenarios. This setting doesn't apply to Microsoft Entra hybrid joined devices and Microsoft Entra joined devices using Windows Autopilot self-deployment mode as these methods work in a userless context.

Next step: Register devices as Autopilot devices

For more information on allowing users to join devices to Microsoft Entra ID, see the following articles: