Windows 10 On-Prem and Azure AD

  • Question

  • I need a clarification about how Azure AD will work on on-prem domain-joined computers. Every blog post seems to focus on personal devices that get joined to Azure AD. However, I would like to take advantage of Azure AD when it comes to the store and additional MDM offerings.

    The situation:

    Windows 10 domain joined computer.  The user is in both local AD and in Azure AD via the Connect tool.  User signs into an on-prem computer.  Will Windows 10 recognize that the user has an Azure AD account and offer them the private store and SSO into Office 365, etc?  Or does the computer need to be Azure AD joined?  Can this be done automatically through group policy?

    Sunday, July 19, 2015 4:33 PM

All replies

  • Hello,

    We are researching the query and will get back to you soon on this.

    I apologize for the inconvenience and appreciate your time and patience in this matter.

    Monday, July 20, 2015 10:41 AM
  • Greetings!

    With Windows 10, you have a choice between Active Directory, Group Policy, and System Center Configuration Manager for corporate-owned devices that are frequently connected to the corporate network, or Azure Active Directory and MDM for devices that are typically mobile and internet-connected.

    In this article, Managing Azure Active Directory joined devices with Microsoft Intune, Brad discusses when you should consider joining Windows 10 devices to Azure AD.

    You may additionally watch this video / demo on management of Windows 10 devices.

    Lastly, this blog talks about joining a Windows 10 device to Azure AD.

    Hope this helps!

    Thank you,


    Monday, July 20, 2015 11:58 AM
  • Thanks, however, what about corporate-owned devices that are frequently connected to the corporate network that want to take advantage of the new private store in the Windows Store? Do they miss out on that? Because the user needs an Azure AD account to see the private store?  Or SSO into Office 365 and other Apps.

    Do I need to use ADFS?

    Also, if this is not possible, why? If a user can join Azure AD by just entering an email address and password from a personal device, why couldn't this happen on a corporate device as well? Windows 10 should give us dual benefit here.  Access to local resources on the corporate network and cloud resources on the same machine.

    Monday, July 20, 2015 1:29 PM
  • So I did a little digging through Channel 9's coverage of Ignite and found two sessions on Windows 10 management (https://channel9.msdn.com/Events/Ignite/2015/BRK3330 and https://channel9.msdn.com/Events/Ignite/2015/BRK3332).  Basically, with Windows 10 it knows about Azure AD and you can only join one domain at a time.  It's AD or AAD.  With a Windows 10 AD joined computer, when you come across a cloud resource such as the Windows Store or Office 365 it will handle SSO for you via your Azure AD account.  If none exists it will prompt for credentials.  The presenter called it magic.  If this is how it works this would be huge.

    However, I don't think all these features are ready yet for RTM.  Looks like the fall at the earliest.

    Tuesday, July 21, 2015 5:46 AM
  • Hello Anthony,

    For questions or requests related to Windows 10, you may post them here: https://social.technet.microsoft.com/Forums/en-US/home?category=WinPreview2014

    Also, you can join a vibrant community where you can ask questions and interact with fellow preview insiders, Microsoft engineers, and support professionals.  Get answers from experts, see what issues are trending, and be an active member of a community @ http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_install/welcome-to-the-windows-10-technical-preview-forum/56369120-6cbf-40d1-b3d7-aac066f8b4ab?auth=1

    Best Regards

    Sadiqh Ahmed



    Tuesday, July 21, 2015 3:52 PM
  • I am an insider and have contributed there.  But since we are 8 days away from RTM I'm posting an AAD question here about one of the biggest features in Windows 10 that Microsoft did a poor job explaining publicly.  I appreciate everyone's help and I know it's a little early in Windows 10's lifecycle but I would hope more people would know about how powerful this feature will be on Windows 10 domain joined computers.  Forget about BYOD.  Having AAD built into Windows while being on-prem is a bigger deal here.
    Tuesday, July 21, 2015 4:28 PM
  • Did you seriously move my question to the Windows Phone Technical Preview forum? lol.  Ok whatever.  I just had a question about how AAD works with Windows 10.  Sorry to the moderator of this forum and sorry to anyone who might have a similar question about AAD.
    Wednesday, July 22, 2015 1:33 PM