How do I stop on-premise domain users from joining azure on workstations?

PJ Tharpe 20 Reputation points
2023-02-27T15:53:17.8633333+00:00

I work for an MSP and we have several clients that are having issues when they are joined to Azure domain. The problems vary from Outlook profile issues, to Teams sign-in issues.

These are on-premise AD users. When signing into Microsoft Office products they get the prompt "Use this account everywhere on your device" and "Allow my organization to manage my device". If they click YES, that's how I'm assuming the PCs are getting azure joined. So in this situation I always click 'This app only' and it does not cause any issues.

My question here.. Is there a way to prevent users from becoming azure joined? Like via policy or a setting?

Any advice here would be awesome. Thanks so much!

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
3,881 questions
Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,707 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,295 questions
Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,679 questions
0 comments
Accepted answer
  1. Harpreet Singh Matharoo 7,491 Reputation points Microsoft Employee
    2023-02-27T16:21:41.82+00:00

    Hello @PJ Tharpe

    Thank you for reaching out. You can use following registry key to block Workplace join that happens with Outlook prompt "Use this account everywhere on your device" and "Allow my organization to manage my device". Basically, if end user click on "allow" the machine perform Azure Active Directory (AAD) Workplace Join.

    Registry Key that can be used to block this prompt and preventing workplace join: HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin "REG_DWORD BlockAADWorkplaceJoin=1"

    I hope this answer helps to resolve your issue.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest