What's the better method to join a device automatically to Azure AD

DeathTheHusky 21 Reputation points
2021-07-22T08:00:26.373+00:00

Hello there !

I'm new to Azure AD and we are actually switching from an old AD.
I'm an IT admin of a school and I have actually been managing a hundred devices, which can be for students or administrative persons.
We have :

  • Administrative PC (PC owned by the personnel)
  • Student Laptop (School lends laptop to student for the year)
  • Desktop PC (PC at school for self service, or used as lab when we have physical classes)

My question is:
How to register every one of these PCs and make them conform to the AD?

I tried with the PowerShell script to then inject in InTunes and to make the PC conform ==> It's very long, mainly when you have a lot of PCs; plus we have distributed most of our laptops to students, so we don't have control anymore and they aren't signed up on Azure AD.

I tried joining Azure AD directly in the Windows parameters; it works, it's fast and the PC is displayed as "conform" in Intune.
I just have to send the BitLocker key through the network manually, but that's not a problem.

But if you have a faster and better automation of it, I'd take it.
I tried the BOOD way but it isn't detected, so I didn't get how it works, and I'm discovering right now the Windows Configuration Designer from WADK.

The problem:
How to register the laptops that we already lent to students in our Azure AD?
The laptop has an Admin + User account; we have an Office 365 Licence Academy account linked to Azure AD for each PC (the domain name @ is linked).

Microsoft docs are rich in information, but as a Junior Admin I'm kinda drowning in this information and I'll thank you for any information that you'll bring to me.


Accepted answer
  1. Jason Sandys 31,296 Reputation points Microsoft Employee
    2021-07-23T15:45:25.95+00:00

    Using the Windows Install Configuration Designer is your best (and only) option to my knowledge to do this in a supported fashion. This will be more or less a manual process to run on each and every device though.

    Keep in mind, though, that user data and configuration will not be accessible to them once the systems are joined to AAD and they log in with their AAD identity, as their profiles will remain associated with their local identity.


1 additional answer

  1. Jason Sandys 31,296 Reputation points Microsoft Employee
    2021-07-22T18:26:55.627+00:00

    InTunes

    Do you mean Intune?

    Are the devices currently joined to an on-prem Active Directory (AD) domain?

    What's the goal for joining these existing devices to Azure AD (AAD)?

    How are the devices initially provisioned before being given to the users/students?

