How do I stop on-premise domain users from joining azure on workstations?

Question

I work for an MSP and we have several clients that are having issues when they are joined to Azure domain. The problems vary from Outlook profile issues, to Teams sign-in issues.

These are on-premise AD users. When signing into Microsoft Office products they get the prompt "Use this account everywhere on your device" and "Allow my organization to manage my device". If they click YES, that's how I'm assuming the PCs are getting azure joined. So in this situation I always click 'This app only' and it does not cause any issues.

My question here.. Is there a way to prevent users from becoming azure joined? Like via policy or a setting?

Any advice here would be awesome. Thanks so much!

Answer 1

Hello @PJ Tharpe

Thank you for reaching out. You can use following registry key to block Workplace join that happens with Outlook prompt "Use this account everywhere on your device" and "Allow my organization to manage my device". Basically, if end user click on "allow" the machine perform Azure Active Directory (AAD) Workplace Join.

Registry Key that can be used to block this prompt and preventing workplace join: HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin "REG_DWORD BlockAADWorkplaceJoin=1"

I hope this answer helps to resolve your issue.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.