It's difficult to find tutorials like this without the unnecessary babbling. This was excellent! Quick, to the point and clearly explained. No need for a 45-minute vid to explain registered devices :). Thank you for posting.
Great video. The cert is issued in the User Store, which is specific to the user who was logged in when you registered the machine. Now if you log in with any other account, can they leverage SSO? I don't think so, because the cert shouldn't be available for the new user who logged in, which I am assuming becomes a scenario in which a new user has logged on and now the machine is no longer AAD registered. This is just an assumption; please correct me if I am wrong.
For Azure AD registered devices, you use a local account, so if the user signs in with a different account, the same set of information will not be available. You are absolutely correct, the account with which you register your device will experience SSO. If you use multiple local accounts to register the machine multiple times, there will be multiple device objects created in Azure Active Directory with different owners. The key difference will be the device ID.
@ConceptsWork As you have mentioned, to register the device it required a corp identity; it means a local account cannot register the device and hence SSO will not work. so the to get SSO feature for Local account.
Thanks for the great content. @conceptswork - Once the device is Azure AD registered using a corp identity, what if I try to log in to the device using the same corp identity that was used for Azure AD registration rather than a local account? Is it possible to get the SSO experience while accessing company resources after logging in using the corp identity? Please clarify.
It is good info. But after I registered the Windows 10 device in Azure AD, the certificate is not pushed to my device. Single sign-on did not work either on my registered device. After adding the "windows 10 account chrome extension", single sign-on works now. Anything different from a recent Azure release? The certificate is not pushed to registered devices anymore. Thanks
Nice video! Keep posting more :) I have a question: In my org all of my machines are joined to local Active Directory, and I can see them in the AAD portal as AzureADRegistered. None of the users have signed in manually. How come those devices are registered?
Very well explained, thanks. I'm new to Azure! In order to be able to register/join a device to Azure AD, does your username need to be in Azure AD in advance? Does Azure AD device registration require administrator privileges on your PC? Or can an ordinary user also register/join an Azure AD device?
One question here: in the case of AAD registration, dsregcmd /status shows AzureAdPrt as No, but the user still experiences SSO in the browser, and that too with the help of the PRT only. So can you give some clarity on where the PRT is, and how we can see it in the case of AAD registered devices? For AAD join it's clear: as we log in using the corp account, dsregcmd /status shows AzureAdPrt as Yes.
Dear, I have a question on Azure AD Registered devices. Can you please demo how I can add my corporate macOS machine as an Azure AD Registered device, as it does not have the same option as Windows?
Very good tutorial. After I registered the device, I see the certificate pushed to my machine. When I bring up azure portal on a browser, it is still asking for credentials, what did I miss here?
As you have mentioned, to register the device it required a corp identity; it means a local account cannot register the device and hence SSO will not work. So how to enable the SSO feature for a local account?
Awesome work as usual. Can I please ask, can we register Azure AD Registered devices into Intune, especially since they log in with local accounts as opposed to the corporate one that actually has the E5 license on it? I have 40 devices that are Azure AD registered that need to be synced into Intune. Also, do they need to have local admin access to do the enrollment? Please advise and keep up the great work.
If you have automatic enrollment enabled from the Endpoint Manager portal, Azure AD registered devices will automatically get enrolled to Intune, provided the user is in MDM scope and has a valid license.
New device creation from PowerShell is not possible. A device object is a device identity which gets created when a device is either joined or registered in Azure AD.
Hi, thanks for the tutorial. This does not work with Chrome or other non-Microsoft browsers; what should we do in this case? Will making this VM AAD domain joined solve this problem? Thanks
Have you tried installing the Windows 10 Accounts extension for Chrome? Azure AD join will also have the same experience, because it is the function of the browser to use WAM correctly. For Chrome, try installing the Win10 Accounts extension.
You need an Azure AD account to join machines to Azure AD. Click on Settings -> Access work or school account -> Connect -> Join to Azure Active Directory.
What do you mean by using the local password? What I understood is that when you choose your corporate email address, then you need the same password as your corporate email address; that's your user ID and its password.
@ConceptsWork I'm still confused. Is this user a synced user to Azure AD? If yes, then he uses the same user ID and password to log in, right? Or by Windows account do you mean his on-premises user ID and password? Because in both cases, if he is not using his synced user ID and password, how will Azure AD know that he has access to Azure?
Hello Sachin, please check if internet connectivity is available on the machine. Also, mentioned below is the message that you must be getting: "We couldn't auto-discover a management endpoint matching username entered". If you see a message that says "We couldn't auto-discover a management endpoint matching the username entered. Please check your username and try again. If you know the URL to your management endpoint, please enter it.", then you should try to re-enter your username and password. If it still doesn't work, you should check with your company support for the website that you need to provide in the Management endpoint text box. This is a website that probably looks like www.yourcompany.onmicrosoft.com.