Azure AD join a new Windows device during the out-of-box experience

Windows 11 users can join new Windows devices to Azure AD during the first-run out-of-box experience (OOBE). This functionality enables you to distribute shrink-wrapped devices to your employees or students.

This functionality pairs well with mobile device management platforms like Microsoft Intune and tools like Windows Autopilot to ensure devices are configured according to your standards.

Prerequisites

To Azure AD join a Windows device, the device registration service must be configured to enable you to register devices. For more information about prerequisites, see the article How to: Plan your Azure AD join implementation.

Tip

Windows Home Editions do not support Azure AD join. These editions can still access many of the benefits by using Azure AD registration.

For information about how to complete Azure AD registration on a Windows device, see the support article Register your personal device on your work or school network.

Join a new Windows 11 device to Azure AD

Your device may restart several times as part of the setup process. Your device must be connected to the Internet to complete Azure AD join.

  1. Turn on your new device and start the setup process. Follow the prompts to set up your device.
  2. When prompted How would you like to set up this device?, select Set up for work or school.
  3. On the Let's set things up for your work or school page, provide the credentials that your organization provided.
    1. Optionally, you can choose to Sign in with a security key if one was provided to you.
    2. If your organization requires it, you may be prompted to perform multifactor authentication.
  4. Continue to follow the prompts to set up your device.
  5. Azure AD checks if an enrollment in mobile device management is required and starts the process.
    1. Windows registers the device in the organization’s directory in Azure AD and enrolls it in mobile device management, if applicable.
  6. If you sign in with a managed user account, Windows takes you to the desktop through the automatic sign-in process. Federated users are directed to the Windows sign-in screen to enter their credentials.

For more information about the out-of-box experience, see the support article Join your work device to your work or school network.

Verification

To verify whether a device is joined to your Azure AD, review the Access work or school dialog on your Windows device, found in Settings > Accounts. The dialog should indicate that you're connected to Azure AD and provide information about areas managed by your IT staff.
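
The same check can be scripted for fleet audits. The following is an added example, not part of the original article: it parses the output of the built-in `dsregcmd /status` command (a tool this page does not itself mention) and reports whether the device is Azure AD joined, to which tenant, and whether an MDM URL is present. The function name `Get-AadJoinState`, its parameters, and the sample text are assumptions made for illustration.

```powershell
# Added example: summarize Azure AD join state from `dsregcmd /status` text.
function Get-AadJoinState {
    param(
        # Live command output by default; pass captured text to analyze offline.
        [string[]]$StatusText = (dsregcmd.exe /status),
        # Optional: the tenant GUID the device is expected to be joined to.
        [string]$ExpectedTenantId
    )
    # dsregcmd prints "Name : Value" pairs; banner and section lines do not match.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]@{
        AzureAdJoined = $fields['AzureAdJoined'] -eq 'YES'
        DomainJoined  = $fields['DomainJoined'] -eq 'YES'
        TenantName    = $fields['TenantName']
        TenantId      = $fields['TenantId']
        DeviceId      = $fields['DeviceId']
        # A populated MdmUrl means an MDM enrollment endpoint is configured.
        MdmUrlPresent = [bool]$fields['MdmUrl']
        # $null when no expected tenant was supplied.
        TenantMatches = if ($ExpectedTenantId) {
            $fields['TenantId'] -eq $ExpectedTenantId
        } else { $null }
    }
}

# Constructed sample input (placeholder values, not from a real device).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : NO
                  DeviceId : 11111111-1111-1111-1111-111111111111
                  TenantId : 00000000-0000-0000-0000-000000000000
                TenantName : Contoso
                    MdmUrl : https://mdm.example.invalid/enroll
'@ -split "`r?`n"

Get-AadJoinState -StatusText $sample `
    -ExpectedTenantId '00000000-0000-0000-0000-000000000000'
```

On a real device, call `Get-AadJoinState` without `-StatusText` so it reads live output; a `TenantMatches` value of `False` means the device joined a tenant other than the one you expected.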

