Have you never used Windows Azure AD login?  We break down how to add users to Azure Active Directory, check whether the computer is joined to Azure AD, and authenticate the newly created user to Azure AD. Get your party hat on, this is going to be fun!!!

Quick Resource Links:

Windows Login Problems

Struggling to log in to Windows 10?  Do you use an email address to log in?  There are multiple ways to authenticate at the Windows login screen, but only one may work or contain your profile data.  Email address, local user account, and domain account are the methods for authentication.  Click the link above to see which method works for you.

Azure Active Directory is the gateway into Intune

Follow this guide to get more context as to why Mobile Device Management is more important now than ever.  Then learn how to join devices to Azure AD and how Intune sometimes is added at the same time.

Don’t understand Microsoft 365 Licensing?

Are you the point of contact for the IT administrator of your Office 365 Email Server or Active Directory?  Get acquainted with the subscription licensing structure.  PS – Office 365 in most cases will be rebranded as Microsoft 365 after April 2020.

Best practice setup of network environment

Do I use modern IT (Azure AD), traditional IT (LDAP domain controller), or a mixture of both?

What is Azure AD?

You may already have it and not know it if your email is hosted by Microsoft Office 365.  It’s a free subscription when you have Office 365 email by Microsoft or any Microsoft 365 subscribed service.  At its heart, Azure AD is nothing more than an identity management service. The identity service provides single sign-on using OAuth 2.0 or SAML authentication. A free Azure Active Directory subscription comes by default with Office 365, now known as one of many suites in the Microsoft 365 line of products.  The free version does not include the Sign-ins activity report. To record sign-in activity (which can be useful in the event of a data breach), you need an Azure Active Directory Premium subscription.

Device Registration Options

We illustrate some options for registering a computer for Windows Azure AD login, along with other devices that join Azure AD or perform a device registration.  Device registration comes in handy when the employee owns the device.  A good example of this is when they want to use their iPhone with the Outlook Mobile app to access their corporate email.

ProTip! Ensure device auto-enrollment is turned on when using a Business Premium license.  Auto-enrollment allows devices that join Azure AD to be automatically enrolled in Intune and have policies applied.  The Microsoft 365 Business Premium license features Intune.

Great! The user is already created on Microsoft 365 Business.  What now?

  • Join a Device
    • Make sure the Windows 11 computer is registered with your Azure environment if you are not logging into Windows 10 via a “local account” or “domain account” and want to take advantage of Windows Azure AD login features.
  • Manage a Device
    • Read up on how to view your devices from Azure.
  • “Registering” or “Joining”  Azure
    • More fun literature I don’t care to explain.

Any user with an email address set up through the Microsoft Admin Center can authenticate to any Windows 11 computer on the network.  The authentication works as follows:

  • Click “Other user”
  • Type work email address and password
  • Correct the sign-in options if you are not able to log in

Warning: Users will not be able to authenticate to the Windows 10 computer if the computer is not joined to Azure AD.

I don’t want to log in with my email address.  Windows 11 loads a completely different profile than what I am used to.  I want to use my Windows local account.

At the Windows login, use…

.\username

or

nameofcomputer\username

We have traditional IT network with an Active Directory domain controller (DC) on-site.  How do I authenticate then?

At the Windows login, use…

DomainName\username

How do I know if my computer is joined to Azure AD at the login prompt?

Can you use an email address at login?  There are several methods of authenticating or troubleshooting whether your users are joined to Azure AD.  The easiest is simply selecting “Other user” at the Windows 11 login screen and verifying that you can authenticate with their email address.  Once you are logged in with an email address, confirm you are truly using Windows Azure AD login features by viewing and troubleshooting with the illustrations below.

Can a user be logged into Windows 11 without authenticating to Azure AD?

Yes, a local account could have been created during the new computer setup.  NetworkAntics recommends creating our personalized “localadmin” administrator account, and not one with the employee’s user name, during the initial new computer setup.  Windows 11 Azure AD c

User authentication? We already have that…

No dude…  Read up on component scenarios.  You may have…

  • Traditional AD.
  • Active Directory Server, in Azure or On-Premises (Traditional AD, extend to cloud *** No ADDS)
  • Azure AD
  • Azure AD Domain Services (AADDS)
  • MaaS 360?  Idunno, there are different ways of authenticating to a central server location.

Are you not hosted by Microsoft 365 Business?

Refer to the Microsoft 365 Licensing guide to see which subscription is best for your team.  For most small businesses, which should have security at the top of mind, it is Microsoft 365 Business Premium.

How do I confirm I’m joined to Azure AD if one of our employees is already logged in to the computer?

Refer to our new post for the nuts and bolts of joining Windows 11 to Azure AD and what it looks like from the Azure Active Directory dashboard:  https://www.networkantics.com/azure-ad-device-registration-vs-joined-vs-enrolled/
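One way to answer this from the logged-in session, as an added example that is not from the original post: the built-in `dsregcmd /status` command reports the join state, and the PowerShell below sorts its output into joined, hybrid, registered, or local-only. The function name `Get-JoinState` and the sample text are constructed for illustration; the field names are the ones `dsregcmd` prints.

```powershell
# Added example (hypothetical helper name): classify a device from `dsregcmd /status`.
function Get-JoinState {
    param(
        # Output lines of `dsregcmd /status`; defaults to running it on this computer.
        [string[]]$StatusLines = (dsregcmd.exe /status)
    )

    # Gather every "Key : Value" line; section banners start with "|" or "+" and are skipped.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined']   -eq 'YES'
    $domain = $fields['DomainJoined']    -eq 'YES'
    $wpj    = $fields['WorkplaceJoined'] -eq 'YES'

    if ($aad -and $domain) { $state = 'Hybrid Azure AD joined' }
    elseif ($aad)          { $state = 'Azure AD joined' }
    elseif ($domain)       { $state = 'On-premises domain joined only' }
    elseif ($wpj)          { $state = 'Azure AD registered (personal device)' }
    else                   { $state = 'Not joined or registered (local accounts only)' }

    [pscustomobject]@{
        State           = $state
        TenantName      = $fields['TenantName']
        # AzureAdPrt is YES only when the signed-in user is an Azure AD account,
        # so a local account on a joined computer still shows $false here.
        UserSignedInAad = $fields['AzureAdPrt'] -eq 'YES'
    }
}

# Constructed sample: a joined computer where the current user is a local account.
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                TenantName : Example Tenant (constructed)
           WorkplaceJoined : NO
                AzureAdPrt : NO
'@ -split "`r?`n"

Get-JoinState -StatusLines $sample   # parses the sample above
# Get-JoinState                      # on a Windows computer, reads the live state
```

A result of `Azure AD joined` with `UserSignedInAad` false is the local-account case described earlier: the computer is joined, but the person at the desktop did not authenticate to Azure AD.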

I have Azure AD and the user account email address is authenticated or logged on to the Windows 11 desktop.  What now?

Front Desk Applications:
Outlook
Word
Excel
Chrome
Firefox
Scanning Software
Foxit Reader

Document As You Go

  • Keepass User and Email
  • Info Sheet

A Brief Nerding Out Session.  (most people can skip ahead) Azure AD Resources:

Azure AD is *not* a domain.   Azure AD is fundamentally different than a domain environment.

Azure AD accounts use the user@dns-name.com naming format.  But it should not be mistaken for an email address.  A user *may* have the same email, but it isn’t necessary.  If you create an Azure AD tenant, and create an Azure AD user in the portal, that account can be used to log into a Windows 11 computer that is joined to the same Azure AD tenant using the user@dns-name.com account format even if no email is associated with that account.

With that said, no, there are no other formats (such as the old-school NetBIOS\username format) that work.  In Azure AD, it will always be user@tenant.tld

Additional Microsoft Resources:

Joining to network

https://docs.microsoft.com/en-us/azure/active-directory/user-help/user-help-join-device-on-network

Azure AD joined vs Azure AD Registered

https://docs.microsoft.com/en-us/archive/blogs/trejo/azure-ad-join-vs-azure-ad-device-registration

**Azure support team**

https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/supportRequest