Suppose you work for a large book publisher that's deploying Windows 11 to employees' laptops. Your organization uses Azure Active Directory (Azure AD) and Azure AD Multi-Factor Authentication. With these services, you can manage user identities and help protect the organization's resources.

You want to add another layer of security for devices. Specifically, you need to restrict access to the organization's resources to devices that your organization manages and that your mobile device management (MDM) system considers compliant. You also want to improve your organization's experience when switching between devices.

Learning objectives

In this module, you'll:

  • Describe options to manage device identities in Azure AD.
  • Configure Azure AD join to manage device identities.
  • Configure Enterprise State Roaming to reduce the time that users need to configure a new device.

Prerequisites

  • Basic knowledge of Azure AD features such as Azure AD Connect, Azure AD Seamless single sign-on, and Multi-Factor Authentication.
  • Basic understanding of MDM software like Microsoft Intune.