Azure AD Join: What happens behind the scenes? Devices, Security and Identity in Microsoft by Jairo Cadena

You asked for ‘why’ – I am sure there are a lot of answers, I would like to describe our case: We run large-scale Azure AD initiatives with thousands of shoppers. Because with Win10/EMS Intune/OMA policies and app deployment, ‘politely said’, there are often some ‘issues’, and we wish to do in-depth testing to find them all. That’s why we designed an Azure-based automated Win10 test infrastructure which runs ‘fresh setup to final computing device’ with dozens of parallel scenarios (jon.doe.01 to jon.doe.99) to look for complications.

Michael, likely the best you can do to assist these users is to take them to the Settings page where they are able to do Azure AD Join. From the browser you can get to the About page on the 1511 edition of Windows with ms-settings:about (you could give users a link with this value in a web page, for instance), or you can get to the Workplace page on the 1607 edition using ms-settings:workplace. I am not sure if this is sufficient, but maybe it is worth considering.

Once they are on the page they can click ‘Join Azure AD’ (1511) or ‘Connect’ (1607), then authenticate and follow the flow.

Hello Jairo, I have deployed AD FS (WIN2012R2), on-premises identity SSO with Azure AD, and published applications on Azure with CA. The Automatic Device Registration works fine, but sadly from normal clients deployed with a couple of policies (for example proxy configuration, endpoint protection, etc.) Azure DRS is not reached.

We have defined the CNAME on internal DNS, but after login the Automatic Device Registration fails with the error “Failed to discover the Azure DRS service. Exit code: Unknown HResult Error code: 0x801c0021.” Is there some sort of list that contains all the essential Azure DRS endpoint URLs/URIs? We need to define some exceptions on endpoint protection and the internal internet proxy.

Where does the SID come from? On a Windows 10 Azure AD joined device the local Administrators group includes:

AzureADAdmin
S-1-12-1-38678509…
S-1-12-1-3346315821-114…
S-1-12-1-445845933-119…

Note that this join was performed via Settings on a laptop that included only a local admin account.


That list would include the Azure AD user that performed the join and, I assume, the Azure AD global administrator role and the Azure AD device administrator role, according to the info here. User lists that show only SIDs are not very helpful.
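The S-1-12-1 SIDs in that member list are Azure AD object IDs re-encoded as Windows SIDs (the GUID's sixteen bytes read as four 32-bit sub-authorities). As an added example, not code from the post or its comments, the following Python converts between the two forms in both directions so a SID-only group listing can be tied back to directory objects; the object ID and the member list are constructed sample values.

```python
import struct
import uuid

AAD_SID_PREFIX = "S-1-12-1-"  # identifier authority 12 (Azure AD), sub-authority 1


def object_id_to_sid(object_id: str) -> str:
    """Encode an Azure AD object ID (GUID) as the S-1-12-1 SID Windows uses locally.

    The GUID's 16 bytes in .NET Guid.ToByteArray() layout (bytes_le in Python)
    are read as four little-endian 32-bit sub-authorities.
    """
    raw = uuid.UUID(object_id).bytes_le
    return AAD_SID_PREFIX + "-".join(str(n) for n in struct.unpack("<IIII", raw))


def sid_to_object_id(sid: str) -> str:
    """Inverse of object_id_to_sid: recover the object ID from an S-1-12-1 SID."""
    if not sid.startswith(AAD_SID_PREFIX):
        raise ValueError(f"not an Azure AD (S-1-12-1) SID: {sid}")
    parts = sid[len(AAD_SID_PREFIX):].split("-")
    if len(parts) != 4:
        raise ValueError(f"expected four sub-authorities: {sid}")
    raw = struct.pack("<IIII", *(int(p) for p in parts))
    return str(uuid.UUID(bytes_le=raw))


def classify_members(members):
    """Split a local group member list into Azure AD SIDs (mapped to object IDs)
    and everything else (local accounts, well-known SIDs)."""
    aad, other = {}, []
    for member in members:
        if member.startswith(AAD_SID_PREFIX):
            aad[member] = sid_to_object_id(member)
        else:
            other.append(member)
    return aad, other


# Constructed sample: one local account plus one Azure AD SID, the shape of
# what a local Administrators group listing shows on a joined device.
SAMPLE_OBJECT_ID = "a1b2c3d4-e5f6-7890-abcd-ef1234567890"  # constructed, not real
SAMPLE_MEMBERS = ["LAPTOP\\Administrator", object_id_to_sid(SAMPLE_OBJECT_ID)]

if __name__ == "__main__":
    aad, other = classify_members(SAMPLE_MEMBERS)
    for sid, oid in aad.items():
        print(f"{sid} -> Azure AD object {oid}")
    print("non-Azure AD members:", other)
```

The recovered object ID can then be looked up in the directory to see whether the entry is the joining user or a role-backed SID such as the global or device administrator role.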