none
Windows 10 Joined Azure Active Directory w/o Local User Permission RRS feed

  • Question

  • My Windows 10 (version 1607) computers are joined to an Azure Active Directory without my permission.  I did not actively join an Azure AD on the settings/accounts/access work or school account page or on the System about page. When I go to any of these settings pages there is not option to join or leave an Azure AD or Organization.  I also found a provisioning package being applied to the computer at logon.  Presumably coming from the Azure AD that the computers are linked to.  How do I disconnect my computers from whatever active directory it is joined to?
    Details:  The computers are personal home use computers that should not be joined to any organization's active directory.   Every time a new computer is setup in my house it gets joined to an unknown Azure Active Directory.  During setup and subsequent updates the computers are automatically joined to some azure active directory without input from the local user.  The computers are new and have not had any additional apps added.  All security settings have been changed to not allow sharing of any type.  Default user accounts have been disabled.  The computers have not been used for anything aside from surfing the web for a solution.  They are out of the box with setup and updates completed.
    Event Log viewer shows remote power shell commands being executed event #4104.  Device management-enterprise-diagnostics- reports System migration tasks completed event #1700.  Windows Remote Management reports Activity Transfer Event #254.  At logon, I often get a message that there has been a change in the network status.  These events seem to be related to the computers being linked to an active directory somewhere.  
    On the settings-account-join a work or school account there is an option to "Export your management log files"  which exports an XML to Users\public\Documents\MDMDiagnostics\.  The log file shows 100 pages of code being provisioned to the home use computers. 
    Tcpview shows the home computers trying to/or connecting to various computers around the world at various times when a browser is open on the Google search page with no other web pages open.   I assume all this activity is related to the active directory the home computers have been linked to.
    Whatever is happening with these new computers seems to be a serious security threat related to Windows 10 "join an azure active directory".  These home computers should not be connecting to or trying to connect to: computers in the Ukraine, Croatia, Canada, England, Germany, etc when no web pages are open aside from a google search screen.
    I have been searching the web for months to figure out how to disable the join an azure active directory feature on new computers.  I have contacted Microsoft support desk, visited a Microsoft store for technical help, and contacted MCafee support to no avail.  All technical assistance ended at level 2 support telling me they do not know how to correct the issue and to take the computers back to the store or contact the computer manufactures to get the setup disks and rebuild the computer.   After 5 new computers, I would prefer to have a different solution.     
    I have posted on various forums that post back a solution to go to settings/system/about and click the button "Leave an Organization".  This button does not exist on these computers.  (Maybe hidden by some sort of group policy being applied to the computers. ) 
    This situation has been going on for 2 months with every new Windows 10 computer I bring into the house.  Please provide information on how to disconnect the local computers from the azure active directory they are joined to and disable or block them from being joined to an Azure Active Directory again.   Thank you!

    Win 10 KidRock User

    Monday, September 19, 2016 3:44 PM

Answers

  • This sounds to me like your computers are getting comprised each time one is introduced. So my thoughts what is common between all the PC's? Is the wifi point the same, the router connected the same? Do you plug a phone in or a USB drive?

    If on the System Properties does it display the domain name? What is that? Command prompt type 'set' (without quotes), what LOGONSERVER is listed in that list?

    Tuesday, September 20, 2016 6:03 PM