Azure AD with On-Premise Devices

Hollis Fudge 1 Reputation point
2020-04-07T18:29:00.877+00:00

We have remote sites with different domains on each site. We are looking at moving to a cloud directory. Our end goal is to simply have a cloud directory that on-premise Windows 10 devices can authenticate against. It does not make sense to have on-premise servers for those sites, as each site is relatively small, and it does not make sense to set up many online servers to serve each site separately. These locations are distinct and separate sites and domains, or otherwise we would set up one cloud server with multiple forests/domains.

We have set up Azure AD and users and groups, and we try to join the devices to that. I try two different ways to log in via the on-premise Windows 10 computers. I try "How will this person sign in?" I enter the email address from Azure AD and it says it looks like this isn't a Microsoft Account. I try the "Create Account:" method and it returns "You can't sign up here with a work or school email address."

So in my Azure AD, I look at that user email that I am trying to log in with, and it says the source for this account is Azure Active Directory. So how do I get this user staff@ourdomain.net (for example) to log in to this laptop via the Windows login screen? What's the correct way to achieve what we need to do? Thank you!

Microsoft Entra ID

2 answers

  1. jLight 201 Reputation points
    2020-04-07T19:17:30.357+00:00

    I would suggest implementing Windows Autopilot so you don't have to create a Microsoft Account. Make sure to review the requirements.

    For your new devices, make sure to contact your supplier, otherwise, you can just generate the HWID before deploying your laptops (manual way - but still saves you a lot of time compared to having on-prem AD, SCCM, and imaging server).

    https://learn.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot


  2. Hollis Fudge 1 Reputation point
    2020-04-07T21:57:41.723+00:00

    Thank you for your answer. I am not sure I understand how Autopilot would help our issue, as that seems to be device focused, not user focused? We are not concerned about the laptops themselves but about having the users authenticate on these laptops against Azure AD. I can get one user from our Azure AD tenant to log in to the laptop, but that account's source is Microsoft Account. The rest of the users show Azure Active Directory, and those users are not allowed to log in to the laptop, either because it is not a Microsoft Account or because it is a work/school email address if I try the non-Microsoft account login. We basically want cloud-only AD for the Windows 10 user login management alone. There's no need for GPO and other management features. Will Autopilot help with this?

    Again, appreciate you answering!

