Quick question about devices on Azure AD

lii 20 Reputation points
2023-02-20T16:46:48.3366667+00:00

Hello,

I want to ask a question about devices on my Azure AD.

Is it possible to bind a device to a domain on Azure AD? For example:

I have 2 devices, both devices have a displayName of deviceTest. Is it possible to bind a device to domain1.onmicrosoft.com and the other one to domain2.onmicrosoft.com?

And also a general question:

Can devices on one Azure AD be distinguished by their displayName?

Thanks.


2 answers

  1. Akshay-MSFT 17,956 Reputation points Microsoft Employee Moderator
    2023-02-23T09:54:19.9+00:00

    @lii

    Thank you for posting your query on Microsoft Q&A. Yes, you can have a device registered or joined to different Azure AD.

    • Assign an Azure AD license to a user, say U1, of domain1.onmicrosoft.com with UPN: ******@domain1.onmicrosoft.com

    • Within device settings, ensure that user may "join device to Azure AD" is set to "All" or to a user group containing "User1"

    Follow these steps on your Windows 10/11 device to join it to Azure AD:

    1. Open Settings, and then select Accounts.
    2. Select Access work or school, and then select Connect.
    3. On the Set up a work or school account screen, select Join this device to Azure Active Directory.
    4. On the Let's get you signed in screen, type your email address (for example, alain@Company portal .com), and then select Next.
    5. On the Enter password screen, type your password, and then select Sign in.
    6. On your mobile device, approve your device so it can access your account.
    7. On the Make sure this is your organization screen, review the information to make sure it's right, and then select Join.
    8. On the You're all set screen, click Done.

    Similarly, follow the steps for the 2nd device with a user from domain2.onmicrosoft.com.

    • Can devices on one Azure AD be distinguished by their displayName? Yes, devices can be distinguished by name, device ID or object ID.

    Please do let me know if you have any further queries in the comments section.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes/No), and share your feedback if the suggestion works as per your business need. This will help us and others in the community as well.


  2. Akshay-MSFT 17,956 Reputation points Microsoft Employee Moderator
    2023-02-27T06:52:49.6033333+00:00

    @lii

    Thanks for your response. PFB inline answers to your queries:

    • I asked about the device itself, without the user. Is the device (as a standalone device) connected to some domain? Yes, it is possible to have a device connected to Azure AD without a user in the following ways:
      1. If the device is not connected to any on-prem domain, then Azure AD join could be achieved via Bulk enrollment for Windows devices and Windows Autopilot.
      2. If the device is on-prem joined, then follow Configure hybrid Azure AD join.
    • Can I add 2 users from different domains in the same Azure account (e.g. domain1.onmicrosoft & domain2.onmicrosoft, the domains were added to the same account) to the same device?
      1. You can register your Windows device in many Azure AD tenants but can only join it to one. Azure AD join is commonly used when the company owns the device, and the user wants to log in with an Azure AD (AKA work) account.

    A small glossary follows:

    • Windows profile: space in the disk mapped to an account and used to store preferences, files, etc.
    • Local windows account: account created and stored in one Windows device.
    • Work account: account created and stored in an Azure AD tenant.
    • Microsoft account: account created and stored in https://account.microsoft.com/account.

    And now a solution: It's up to the number of Windows profiles you want to create. E.g., if you want one profile per duty/goal (3 in total) and since you own your laptop, you could:

    1. Join your laptop to your own Azure AD tenant, and sign in with your work account for your business things.
    2. Create 2 additional profiles, 1 for your personal things and 1 for your current employer. These profiles can be backed by local accounts (exist only on the device) or Microsoft accounts. You would add the work account provided by your current employer in the latter.

    If you want to reduce profile switching, then you could store your personal information (you can even add a Microsoft account and have separate OneDrive folders, mail profiles, etc.) in your own work account and create a second profile for the work account provided by your current employer.

    • Can I have 2 devices with the same name in one azure-ad (in the same domain)?

    Yes, Azure AD does allow different devices with the same name, as it allocates a different device ID to each device, and no two objects (user/device/application) can have the same device/user/object ID in Azure AD.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes/No), and share your feedback if the suggestion works as per your business need. This will help us and others in the community as well.
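
The answers above state that two devices in one Azure AD can share a display name because each is allocated its own device ID. As an added example (not part of the original answers), the Python code below indexes a device export by `deviceId`, reports display names shared by several devices, and refuses to resolve an ambiguous name. The records are constructed, their field names (`id`, `deviceId`, `displayName`, `trustType`) follow the Microsoft Graph device resource, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a Microsoft Graph GET /v1.0/devices response.
# Every GUID below is made up for illustration.
SAMPLE = json.loads("""{"value": [
  {"id": "0b000000-0000-4000-8000-000000000001", "deviceId": "d1000000-0000-4000-8000-000000000001",
   "displayName": "deviceTest", "trustType": "AzureAd"},
  {"id": "0b000000-0000-4000-8000-000000000002", "deviceId": "d1000000-0000-4000-8000-000000000002",
   "displayName": "deviceTest", "trustType": "Workplace"},
  {"id": "0b000000-0000-4000-8000-000000000003", "deviceId": "d1000000-0000-4000-8000-000000000003",
   "displayName": "kiosk-01", "trustType": "ServerAd"}
]}""")["value"]


def index_devices(devices):
    """Return (unique index keyed by deviceId, non-unique index keyed by name)."""
    by_device_id, by_name = {}, defaultdict(list)
    for dev in devices:
        if dev["deviceId"] in by_device_id:
            raise ValueError(f"duplicate deviceId {dev['deviceId']}")
        by_device_id[dev["deviceId"]] = dev
        # Case-insensitive grouping is this example's conservative choice.
        by_name[dev["displayName"].casefold()].append(dev)
    return by_device_id, dict(by_name)


def name_collisions(by_name):
    """Map each displayName shared by several devices to their deviceIds."""
    return {name: [d["deviceId"] for d in devs]
            for name, devs in by_name.items() if len(devs) > 1}


def resolve(reference, by_device_id, by_name):
    """Resolve a deviceId or displayName; refuse a name that is ambiguous."""
    if reference in by_device_id:
        return by_device_id[reference]
    matches = by_name.get(reference.casefold(), [])
    if len(matches) != 1:
        raise LookupError(f"{reference!r} matches {len(matches)} devices")
    return matches[0]


if __name__ == "__main__":
    ids, names = index_devices(SAMPLE)
    for name, device_ids in name_collisions(names).items():
        print(f"{name}: shared by {len(device_ids)} devices -> {device_ids}")
```

Inventory joins, allow-lists and alert correlation that key on the display name will conflate the two `deviceTest` records; keying on `deviceId` or the object `id` keeps them apart.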

