Connecting Windows 10 to the Cloud (Azure AD Domain Join)

Update Jan 2016: This blog post was based on a preview of Win 10 and without all current features in Azure AD. Since this blog post I have found a lot of very good scenarios for joining Azure AD. Check my newest posting on this matter.

Microsoft has been stating that Windows 10 will be utilizing Azure AD in a new way:

With Windows 10 we’ll also add the ability to leverage Azure Active Directory, devices can be connected to Azure AD, and users can login to Windows with Azure AD accounts or add their Azure ID to gain access to business apps and resources

With the newest build I have been searching for ways to join my Windows 10 device to Azure AD, but it took a while to figure it out. Twitter was a good friend, and with tips from @mniehaus and @jarvidmark on Twitter I figured it out. Someone else has been writing a guide about it as well. This guide is to be found here: https://cloudpuzzles.net/2015/02/joining-windows-10-device-azure-active-directory/ (Thanks to @jefutte)

I decided to try this out myself and share my experience with my readers. The first thing I needed to do was to set up a new Windows 10 test machine, as my main machine is domain joined and for this purpose I need a non-domain-joined device.

After this I needed to follow the guide I linked to earlier and enable device registration in my Azure domain. You do that by enabling Workplace Join on the domain.

Now my infrastructure is ready, and my next step was to connect my Windows 10 machine to the cloud. Start the Settings app and go to System -> About and find the button for connecting to the cloud. I am not going to write in detail about the enrollment scenario, as that is already written in the guide linked earlier.

After I set up credentials in the Cloud Experience Host window, it finished its work and just closed without any notice. It's a preview after all. But a quick look in Azure AD verified that the computer indeed is AAD joined.

On the Windows 10 client I also found a new certificate for client authentication issued by MS-Organization-Access.

You can also check in Settings-System-About and see that you no longer have any option to either Join Domain or Connect to the cloud. I have not found any option to disconnect/unjoin Azure AD from the client yet.

I do recommend a restart and then when you log on to your computer with your Azure ID you will clearly see that you are using Azure AD.

After the login you will be prompted to create a PIN, but the Cloud Experience Host process fails a couple of times before it goes through. If you don't create the PIN it will keep on prompting you. See the linked guide for more info about this.

After this is done you will also see that the ID you used to join Azure AD is added to the Administrators group on your device.
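
A quick way to audit the two artifacts noted above, the MS-Organization-Access client-authentication certificate and the new local Administrators member, as an added PowerShell example that is not part of the original post. The certificate store locations and the `AzureAD` account prefix are assumptions; run it on the joined device.

```powershell
# Added example (not from the original post): audit what the join left on the device.
$issuerPattern = 'MS-Organization-Access'   # issuer name reported in the post
$clientAuthOid = '1.3.6.1.5.5.7.3.2'        # Client Authentication EKU

# Assumption: the certificate is in a "My" store; the post does not say which one.
$certs = foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My') {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Issuer -like "*$issuerPattern*" } |
        ForEach-Object {
            $eku = $_.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                ClientAuth = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid })
            }
        }
}

# Resolve the built-in Administrators group by SID so localized Windows installs work.
$sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$groupName = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
$group = [ADSI]"WinNT://./$groupName,group"

$admins = foreach ($member in $group.Invoke('Members')) {
    $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
    [pscustomobject]@{
        Member  = $path -replace '^WinNT://', ''
        # Assumption: Azure AD identities appear under the "AzureAD" authority.
        AzureAD = $path -like 'WinNT://AzureAD/*'
    }
}

if (-not $certs) { Write-Warning "No certificate issued by $issuerPattern found." }
$certs  | Format-List
$admins | Format-Table -AutoSize
```

Any row with `AzureAD` set to True is a cloud identity holding full local administrator rights, which is worth reviewing against least-privilege policy.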

Now you can add your Microsoft Account to be able to sync settings and access your apps and data just like on an on-premise domain joined device.

I have not yet found any good use for joining Azure AD, but I think as a company you could utilize this better as this preview feature develops further. I still have to log in to Office365 (no SSO), and I still have to have a Microsoft Account to be able to get apps at this point.

0 thoughts on “Connecting Windows 10 to the Cloud (Azure AD Domain Join)”

  1. Any idea how to add other users from the AzureAD to the local Administrators group? i.e. if you log off and log in with a new user from the AzureAD they don’t get added to the Local Admins group – it’s only the first user this happens for – which makes sense. It’s up to the first user to add additional… but how?
