Setting up Azure Active Directory is an important step if you’re planning to use Azure cloud services. Here’s a how-to video to help you.
Hello. My name is Sam, and I’m Director of Consulting at Tech Impact. We are a nonprofit technology services provider. And I am here today to talk to you about joining your Windows 10 machines to Azure Active Directory to get single sign-on to Office 365 and any other apps that you have integrated. Before you get started, you’re going to want to make sure you’ve taken care of a few things. You are going to need E1 or higher Office 365 licenses. You are also going to want to make sure that all of your machines are running Windows 10 Pro or Enterprise. This is not supported with anything older or with Windows 10 Home. Finally, I would recommend that you run the Windows 10 Upgrade Assistant. Windows 10 has come in a lot of different flavors and the interface can differ slightly depending on what version you are on. Running the Windows 10 Upgrade Assistant is the only way to make sure that you are on the most modern version of Windows 10. Everything we are doing here today is possible with the free E1 Office 365 licenses.
If you choose to subscribe to an additional Enterprise Mobility + Security license you can do a lot more including specifying local administrators on your machines, configuring those machines using Intune which can be a replacement for your on-premise Active Directory group policy, and even conditionally providing access based on machine encryption or Windows updates or antivirus stats. It’s even possible for your users to enroll personal devices to make sure that they are meeting basic security requirements without actually fully controlling them as an administrator. Let’s go ahead and get started.
We are going to log into the Office 365 Administrative Portal. I have enabled two-factor authentication which is definitely something you should do, so I’m going to type in the one-time code that was just texted to me. Next, I’m going to open up the Office 365 Administrative Panel, and from the left-hand control panel, I’m going to select Azure Active Directory. Right now we are looking at the old Azure portal. There is a new portal which will be the default very soon. I’d recommend that you make your changes there instead. Let’s go ahead and click on the “Check out the new portal” link at the top, and launch that more modern portal. You will see that my URL has changed. This direct link, if you want to bookmark it, is just portal.Azure.com. So now we are going to open up the Azure Active Directory control panel from the left, and I’m going to select Users and groups, and then we are going to click on Device Settings.
And here I need you to make sure that “Users may join devices to Azure Active Directory” is set to either All or Selected. “All” allows anyone in your organization to join their computer to Azure Active Directory. “Selected” allows you to specify a particular group or set of users who are able to do so. If you would like to make the join process more secure you can also turn on “Require Multi-Factor Auth to join devices” which I would strongly recommend. Let’s go ahead and click Save. And now that’s it. My Azure Active Directory is ready to accept computers being joined. So I’m on a Windows 10 machine right now. Let’s just go through this process. I’m going to go ahead and just open up the Settings app and I’m going to open up Accounts and go to Access work or school, and then I am going to click on this + Connect button. Now if I had an Enterprise Mobility and Security license and I had set this up as an administrator, I could actually enroll this device in Office 365 without joining it which would provide me with some limited management and reporting capabilities without actually taking control of the machine.
But in this case, this is a company-owned machine and I only have a free E1 license, so let’s go ahead and just join this to Azure Active Directory using this link at the bottom. Now I’m going to put in my account information and my password. Like everything else we do, I am using two-factor authentication. Okay, now we are setting up my machine.
So let’s go ahead and restart the machine and I can show you what just happened. So now you’ll see that I have the old user that I was logging in, but I also have this new button here called “Other user.” Let’s click on that. Here it’s going to ask me to sign in to my work or school account, so let’s put in my Office 365 credentials which are also my Azure AD credentials. And that’s it. I just logged into my computer using my Azure Active Directory credentials.
Now that I’m logged in using my Office 365 account I want to show you something interesting. Let’s go ahead and launch Edge. This would work the same way with Internet Explorer. Let’s go to portal.office365.com. So I’m just going to log into my Office 365 account. Now you’ll notice that I’m actually automatically in my machine. I didn’t have to re-login, and that’s because when I do an Azure Active Directory domain join I’m also getting single sign-on to Office 365.
This doesn’t just work with the website, I can actually do the same thing using any of the Office applications. Another thing to note is that it did require me to use two-factor authentication to join the device itself, but after that, it didn’t require me to use two-factor authentication, and that’s because the device itself serves as a second authentication source. And that’s how we join our Windows 10 machines to Azure Active Directory. This is a really easy way to get rid of your on-premise Active Directory server if you are a small organization that doesn’t need the benefits of group policy.
And I hope you’ll play around with it.
Thanks for watching. Please share this link!
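
An added example, not part of the video or Tech Impact's own material: a PowerShell check that parses the output of `dsregcmd /status` (the built-in Windows device registration tool) to confirm the join and the single sign-on token behind the behavior shown above, plus the Windows 10 Pro or Enterprise prerequisite. The function names and the sample output are constructed for illustration.

```powershell
# Parse "Key : Value" lines from `dsregcmd /status` into a small status object.
function Get-AadJoinState {
    param([string[]]$StatusLines)
    $state = @{}
    foreach ($line in $StatusLines) {
        # Data lines look like "        AzureAdJoined : YES"; banner lines have no colon.
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]@{
        AzureAdJoined = ($state['AzureAdJoined'] -eq 'YES')  # device is joined to Azure AD
        DomainJoined  = ($state['DomainJoined'] -eq 'YES')   # on-premises AD join
        HasPrt        = ($state['AzureAdPrt'] -eq 'YES')     # Primary Refresh Token, used for SSO
        TenantName    = $state['TenantName']
    }
}

# The video's prerequisite: Windows 10 Pro or Enterprise (Home is not supported).
function Test-JoinPrerequisite {
    param([string]$OsCaption)
    return ($OsCaption -match 'Windows 10 (Pro|Enterprise)')
}

# Constructed sample output, so the parser can be tried on any machine.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : NO
                TenantName : Example Nonprofit
                AzureAdPrt : YES
'@ -split "`r?`n"

if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    # Live check on the Windows 10 machine, run as the signed-in work account.
    $lines   = dsregcmd.exe /status
    $caption = (Get-CimInstance Win32_OperatingSystem).Caption
} else {
    $lines   = $sample
    $caption = 'Microsoft Windows 10 Pro'   # constructed value
}

$result = Get-AadJoinState -StatusLines $lines
$result | Format-List
"Edition supported for join: $(Test-JoinPrerequisite -OsCaption $caption)"
if ($result.AzureAdJoined -and -not $result.HasPrt) {
    Write-Warning 'Device is joined but no Primary Refresh Token is present; SSO will not work for this user.'
}
```

`AzureAdPrt` appears in the user section of the output, so run the check in the session of the user who signed in with the work account rather than as a different local administrator.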