
Workplace Join/Device Registration to Azure AD for Local Domain joined Windows 7

<A reference originated>


Accounts must be synchronized between on-premises and Azure AD via AAD Connect.


<System Configuration check>

From DNS server,   


From ADFS server,
1. O365 federation

2. Enable device registration
Set-AdfsDeviceRegistration -ServiceAccountIdentifier mfalab3\taehee

setspn -Q host/


3. Add claim rules

c:[Type == ""]
=> issue(claim = c);

Open PowerShell and run
Set-AdfsRelyingPartyTrust -TargetName "Microsoft Office 365 Identity Platform" -AllowedAuthenticationClassReferences wiaormultiauthn


From Domain joined Win7,
1. Try logging in to "" with the currently logged-in domain user account. The login must succeed without being redirected to the ADFS login page!

2. Download and install the "Workplace Join agent"

And run "C:\Program Files\Microsoft Workplace Join>AutoWorkplace.exe /join"

To leave, "C:\Program Files\Microsoft Workplace Join>AutoWorkplace.exe /leave"



From Win7,

From Azure Portal