Difference between Azure AD Join and Registration

All replies

  • Hi,

    Actually, I believe the tutorial/docs are wrong. There is a difference in registering a device to Azure AD or joining it. On my Windows 10 (1803) machine, that hasn't been registered or joined to Azure AD yet, I get the option to register it to Azure AD, or use an alternative action to join it to Azure AD. As you can see in the image below.

    Also, you are correct that Azure AD Connect is required for Hybrid Azure AD Join. For more information, refer to: https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual-steps

    "Before you start enabling hybrid Azure AD joined devices in your organization, you need to make sure that:

    • You are running an up-to-date version of Azure AD connect.
    • Azure AD connect has synchronized the computer objects of the devices you want to be hybrid Azure AD joined to Azure AD. If the computer objects belong to specific organizational units (OU), then these OUs need to be configured for synchronization in Azure AD connect as well.

    Azure AD Connect:

    • Keeps the association between the computer account in your on-premises Active Directory (AD) and the device object in Azure AD."
    Tuesday, September 4, 2018 12:44 PM
  • Hi, John,

    Thank you for your reply.

    However, I don't think "Setup a work or school account" corresponds to "Azure AD Registration". Also, "Join the device to Azure AD" does not correspond to "Azure AD Join".

    1. If I log in with a local Admin account, then use "join the device to Azure AD" and input an account in Azure AD, then after it is connected I check Azure AD and it shows the device is in "Azure AD Joined" status.

    2. If I log in with a local Admin account, then create a normal local account "Test", then log in with the "Test" account and repeat the steps to "join the device to Azure AD", I will see the device in "Azure AD Registered" status.

    Wednesday, September 5, 2018 12:10 AM
  • Hi chcw.  This has been bothering me also.

    I agree with some of your test results but not everything. You say in step 2.... create a normal local account "Test", then login with "Test" account and repeat the steps to "join the device to Azure AD". I don't think this is possible because only administrators can join the device to Azure Active Directory. Normal local users do not get this option. Perhaps Test was in the Local Administrators group accidentally?

    Bottom line is this:

    • If the local admin chooses "join the device to Azure Active Directory"  then the device is joined and appears as "Azure AD Joined".
    • If any local user chooses "Setup a work or school account" then the device is registered and appears as "Azure AD Registered".

    Anyway let me expand on your findings with some testing I did.

    1. If I log in with a local Admin account, then use "join the device to Azure Active Directory" and input an account in Azure AD, then after it is connected I check Azure AD and it shows the device is in "Azure AD Joined" status.

    But I can only sign in using local accounts. I cannot sign in with any AD user. I tried many variations of the sign-in: user@domain.com; username; AzureAD\username; etc. This is the bit I don't understand. Why can't I use an AD user account after I joined the domain?

    2. If I log in with a local Admin account, then use "Set up a work or school account", I will see the device in "Azure AD Registered" status.

    And again I still cannot use any Azure AD account. Why?

    3. If I log in with a local Admin account, then create a normal local account "Test", then log in with the "Test" account and use "Set up a work or school account", the device does not appear in Azure AD. Note: I do not get options to join to the Azure AD.

    And again I can only sign in to the device with local accounts. The Test user cannot sign in with their Azure AD account.

    I have a feeling I am missing something fundamental as I cannot use any AD accounts to sign in.



    Mike


    • Edited by M Fairley Wednesday, October 10, 2018 8:05 AM
    Wednesday, October 10, 2018 8:01 AM
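
The states compared in the posts above can also be read on the device itself instead of in the Azure AD portal. The following is an added example, not part of any post in this thread: it assumes the built-in `dsregcmd /status` tool (not mentioned in the thread), `Get-AadDeviceState` is a hypothetical helper name, and the sample output lines are constructed.

```powershell
# Added example: classify the device state from `dsregcmd /status` output.
# Get-AadDeviceState is a hypothetical helper name, not a built-in cmdlet.
function Get-AadDeviceState {
    param(
        # Output lines of `dsregcmd /status`; by default the tool is run locally.
        [string[]]$StatusText = (dsregcmd.exe /status)
    )

    # Collect "Name : Value" pairs; banner and separator lines have no colon.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(?<name>[A-Za-z ]+?)\s*:\s*(?<value>\S.*?)\s*$') {
            $fields[$Matches['name']] = $Matches['value']
        }
    }

    # AzureAdJoined and DomainJoined describe the device itself;
    # WorkplaceJoined is reported for the user who runs the command.
    $aadJoined       = $fields['AzureAdJoined']   -eq 'YES'
    $domainJoined    = $fields['DomainJoined']    -eq 'YES'
    $workplaceJoined = $fields['WorkplaceJoined'] -eq 'YES'

    $state = if ($aadJoined -and $domainJoined) { 'Hybrid Azure AD joined' }
        elseif ($aadJoined)       { 'Azure AD joined' }
        elseif ($workplaceJoined) { 'Azure AD registered' }
        elseif ($domainJoined)    { 'On-premises domain joined only' }
        else                      { 'Not joined or registered' }

    [pscustomobject]@{
        AzureAdJoined   = $aadJoined
        DomainJoined    = $domainJoined
        WorkplaceJoined = $workplaceJoined
        State           = $state
    }
}

# Constructed sample: a device where a user added a work or school account.
$sample = @'
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO
           WorkplaceJoined : YES
'@ -split "`r?`n"

Get-AadDeviceState -StatusText $sample
```

Because `WorkplaceJoined` is evaluated in the context of the signed-in user, run the check as the same local account that added the work or school account.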
  • Hi Mike,

    From my point of view, you may use a registered device as BYOD or hybrid join. It means that when you have on-premises AD and AAD Connect, you may register your devices and log on to the computer with your account from your local AD, because this account is synchronized to Azure AD.

    Friday, February 22, 2019 12:49 PM
  • Hi there,

    I have been trying to understand this for a while now. I am still not able to understand the difference and the use cases. Could someone please tell me in simple words?

    Thanks! :)


    Pradeep Kandel Cloud Consultant @SeeLogic Limited | Microsoft MVP- Microsoft Azure | Twitter: @PradeepKandel

    Friday, December 13, 2019 8:48 AM
  • AD Join - must be Windows 10 and is typically a corporate device.

    AD Register - Focused on Single Sign On for personal devices. Supports Windows, Android, iOS.

    Friday, January 3, 2020 2:33 PM
  • As a short answer:

    Register AAD - seems like a workgroup in an inner network

    Join AAD - like domain joined

    Friday, June 12, 2020 12:45 PM