Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,004 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Azure AD joined devices are the devices which are in workgroup. There is prerequisite for Azure AD joined is that the Windows device should not be joined to any domain to have the Azure AD joined in place.
Now if the device is not joined to any on-premise domain then you cannot access any on-premies resources from that device.
Provided, if you are trying to access any on-premises application from this AAD joined device then you will have to deploy that application via Azure AD app proxy.
https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy
Or if this approach is not feasible for you then you will have to configure the Windows device as Hybrid Azure AD joined. For this you will have to join the devices to on-premises domain.
Do let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 19%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBN%3C/text%3E%3C/svg%3E)