How to join a device as Azure AD joined if it's added as Azure AD registered

Ritesh Sharma 266 Reputation points
2023-02-09T16:29:21.8633333+00:00

Hi, I have a scenario where devices have been added as Azure AD registered. Can they be Azure AD joined after being Azure AD registered? If yes, what steps do I need to follow?

If not, what do I need to do to join them as Azure AD joined in a hybrid environment, as the devices are already AD joined?


2 answers

  1. Akshay-MSFT 16,036 Reputation points Microsoft Employee
    2023-02-23T12:37:10.5666667+00:00

    @Ritesh Sharma ,

    If a device is already Azure AD registered, then you need to unregister it from Azure AD.

    For Windows 10/11 Azure AD registered devices, go to Settings > Accounts > Access Work or School. Select your account and select Disconnect. Device registration is per user profile on Windows 10/11.

    For Windows 10 version 2004 and older, this process can be automated with the Workplace Join (WPJ) removal tool.

    Once done, please validate whether there are any device entries in Azure AD; if found, delete them.

    Now restart the Windows device.

    Follow these steps on your Windows 10/11 device to join it to Azure AD:

    1. Open Settings, and then select Accounts.
    2. Select Access work or school, and then select Connect.
    3. On the Set up a work or school account screen, select Join this device to Azure Active Directory.
    4. On the Let's get you signed in screen, type your email address (for example, alain@Company portal .com), and then select Next.
    5. On the Enter password screen, type your password, and then select Sign in.
    6. On your mobile device, approve your device so it can access your account.
    7. On the Make sure this is your organization screen, review the information to make sure it's right, and then select Join.
    8. On the You're all set screen, click Done.

    Similarly follow steps for 2nd device with user from domain2.onmicrosoft.com

    • Can devices on one Azure AD be distinguished by their displayName? Yes, devices can be distinguished by name, device ID or object ID.
    • Apart from this, if the device is already on-prem AD joined and you have any plans for Intune/MDM, then you could follow Enroll a Windows 10 device automatically using Group Policy.

    Please do let me know if you have any further queries in the comments section.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes/No), and share your feedback if the suggestion works as per your business need. This will help us and others in the community as well.

    1 person found this answer helpful.

  2. Fabricio Godoy 2,601 Reputation points
    2023-02-23T12:37:57.53+00:00

    Hello Ritesh

    No. You need to create a hybrid environment if you want both scenarios.

    It's not a simple task to make a hybrid join.

    But fortunately, Microsoft has a series of documentation about this.

    https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan

    https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-hybrid-azure-ad-join

    I recommend that you do it in a test environment, or on just a few test machines, before activating in production.

    Good luck

    Regards
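
To confirm which state a device is in before and after the steps in the answers above, the output of the built-in `dsregcmd /status` command can be classified as below. This is an added example, not part of either answer: the function name `Get-DeviceJoinState` is hypothetical and the sample output is constructed to match the asker's scenario (on-premises AD joined and Azure AD registered).

```powershell
# Added example: classify a Windows device's join state from `dsregcmd /status`.
function Get-DeviceJoinState {
    param(
        # Lines of `dsregcmd /status` output; by default the command is run locally.
        [string[]]$StatusText = (dsregcmd.exe /status)
    )

    # Collect the "Name : Value" pairs; banner and blank lines do not match.
    $state = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S+)') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    $aadJoined  = $state['AzureAdJoined']   -eq 'YES'
    $adJoined   = $state['DomainJoined']    -eq 'YES'
    $registered = $state['WorkplaceJoined'] -eq 'YES'   # Azure AD registered

    $joinType = if ($aadJoined -and $adJoined) {
        'Hybrid Azure AD joined'
    } elseif ($aadJoined) {
        'Azure AD joined'
    } elseif ($registered) {
        'Azure AD registered'
    } elseif ($adJoined) {
        'On-premises AD joined only'
    } else {
        'Not joined or registered'
    }

    [pscustomobject]@{
        JoinType        = $joinType
        DomainJoined    = $adJoined
        # Per the first answer, an existing registration is removed before joining.
        NeedsUnregister = $registered
    }
}

# Constructed sample output (not captured from a real device).
$sample = @'
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
           WorkplaceJoined : YES
'@ -split "`r?`n"

Get-DeviceJoinState -StatusText $sample
```

Run `Get-DeviceJoinState` without arguments on the device itself to read its live state, for example after the Disconnect and restart steps.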
