With device management in Azure Active Directory (Azure AD), you can ensure that your users are accessing your resources from devices that meet your standards for security and compliance. For more information, see the introduction to device management in Azure Active Directory.
With Windows 10, you can join a new device to Azure AD during the first-run experience (FRX).
This enables you to distribute shrink-wrapped devices to your employees or students.
If you have either Windows 10 Professional or Windows 10 Enterprise installed on a device, the experience defaults to the setup process for company-owned devices.
In the Windows out-of-box experience, joining an on-premises Active Directory (AD) domain is not supported. If you plan to join a computer to an AD domain, select the link "Set up Windows with a local account" during setup. You can then join the domain from the settings on your computer.
In this tutorial, you learn how to join a device to Azure AD during FRX:
To join a Windows 10 device, the device registration service must be configured to enable you to register devices. In addition to having permission to join devices in your Azure AD tenant, you must have fewer devices registered than the configured maximum. For more information, see configure device settings.
In addition, if your tenant is federated, your identity provider MUST support the WS-Fed and WS-Trust username/password endpoints. This can be version 1.3 or 2005. This protocol support is required both to join the device to Azure AD and to sign in to the device with a password.
To join a Windows 10 device to Azure AD during FRX:
To verify whether a device is joined to your Azure AD, review the Access work or school dialog on your Windows device. The dialog should indicate that you are connected to your Azure AD directory.
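The same check can be scripted. The following is an added example, not part of the original article: it parses the output of `dsregcmd /status` (a built-in Windows 10 command that the article does not mention) and also confirms that the device is joined to the tenant you expect rather than to any tenant. The function names, the sample output, and the IDs are constructed for illustration.

```powershell
# Added example: turn `dsregcmd /status` output into a join-state verdict.
function ConvertFrom-DsRegStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    $fields = @{}
    foreach ($line in $Lines) {
        # Status lines look like "   AzureAdJoined : YES"; banner lines are skipped.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]@{
        AzureAdJoined = $fields['AzureAdJoined'] -eq 'YES'
        DomainJoined  = $fields['DomainJoined'] -eq 'YES'
        TenantName    = $fields['TenantName']
        TenantId      = $fields['TenantId']
        DeviceId      = $fields['DeviceId']
    }
}

function Test-ExpectedTenantJoin {
    param([Parameter(Mandatory)]$Status, [Parameter(Mandatory)][string]$ExpectedTenantId)
    if (-not $Status.AzureAdJoined)              { return 'NOT_JOINED' }
    if ($Status.TenantId -ne $ExpectedTenantId)  { return 'WRONG_TENANT' }
    if ($Status.DomainJoined)                    { return 'ALSO_DOMAIN_JOINED' }
    return 'JOINED'
}

# Constructed sample output (placeholder IDs) so the example runs on any machine.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
+----------------------------------------------------------------------+
| Device Details                                                       |
+----------------------------------------------------------------------+
                  DeviceId : 00000000-0000-0000-0000-000000000001
                  TenantId : 11111111-1111-1111-1111-111111111111
                TenantName : Contoso (constructed)
'@ -split "`r?`n"

$status = ConvertFrom-DsRegStatus -Lines $sample
$status | Format-List
Test-ExpectedTenantJoin -Status $status -ExpectedTenantId '11111111-1111-1111-1111-111111111111'

# On a real device, feed the live output instead of the sample:
#   ConvertFrom-DsRegStatus -Lines (dsregcmd /status)
```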