How to setup and log in Windows 10 to Azure AD

Have you never used Windows 10 with Azure AD?  We break down how to add users to Azure Active Directory, check if the computer is joined to Azure AD, and how to authenticate the new created user to Azure AD. Get your party hat on, this is going to be fun!!!

Contoso Company Example – User Account Setup

We used a fictitious company called Contoso to help you under Windows 10 and Azure Active Directory.  It’s important to collect as much information as possible regarding the new user for us to being setup Windows 10 with Azure AD.

Time Saving Questions for IT Admin email related work

  • Full Name
  • Email Address
  • Role
  • Name existing user account who’s role is similar to the new employee
  • Any user accounts that need to be disabled and perhaps their license can be recycled?
  • Where or what is their main computer they utilize at the office?

Copy User – Questions Answered

ProTip! AzureAD does not offer “copy user” feature like a Microsoft Active Directory Domain environment.  You will have to manually setup permissions

  • Name:  John Doe
  • Email Address:  john@contoso.com\same password as everyone else but different initials
  • Role:  Medical Assistant – Clinical
  • Name existing user account who’s role is similar to the new employee:  Jane Doe
  • Front Desk

Contoso Company may or may not have already created the email account.

Defer to Microsoft Hosted Office 365 if the mailbox was not created if you are not familiar with all the hosted Microsoft 365 hosting options.

Otherwise, head directly over to http://portal.office.com if you already know what you are doing for creating an email account AKA mailbox.

Great! The user is already created on Microsoft 365.  What now?

Any user with an email setup through the Microsoft Admin Center can authenticate to any Windows 10 computer on the network.  The authentication works as follows:

  • Click “Other user”
  • Type work email address and password
  • Correct sign in options if you are not able to login

Warning: Users will not able to authenticate to the Windows 10 computer if the computer is not joined to Azure AD

 

How do I know if my computer is joined to Azure AD?

There are several methods of authenticating or troubleshooting whether your users are a part of or joined to Azure AD.  The easiest is simply trying other users can authenticate with their email address at the Windows 10 login Screen.

Can a user be logged into Windows 10 without authenticating to Azure AD?

Yes, some user accounts could have created a local account during the new computer setup.  NetworkAntics recommends creating our personalized “localcontrol” administrator account and not the employees user name during the initial new computer setup.

 

 

 

 

 

 

How do I confirm I’m joined to Azure AD if one of employees is already logged in to the computer?

 

  • open elevated cmd on machine and run below command to check the status
    “dsregcmd /status”

 

 

  • Alternatively, go to start menu type “Settings” and open it.  Find accounts and  you should see under “Access work or school” the admin account authenticating to Azure AD.

 

 

 

 

 

 

 

 

The Admin account for Azure AD is also listed under “other people”  Otherwise, you need to join Azure AD if you do not see any of these illustrations connected to Azure AD.

 

 

 

 

 

 

 

 

 

 

I have Azure AD and the user account email address is authenticated or logged on to the Windows 10 desktop.  What now?

 

Front Desk Applications:
Outlook
8×8
Aesthetics Pro
Kerio
Brilliant Distinctions
Allergan
Foxit Reader

 

Document As You Go

  • Keepass User and Email
  • Info Sheet

 

 

 

A Brief Nerding Out Session.  (most people can skip ahead) Azure AD Resources:

 

Azure AD is *not* a domain.   Azure AD is fundamentally different than a domain environment.

Azure AD accounts use the user@dns-name.com naming format.  But it should not be mistaken as an email address.  A user *may* have the same email, but it isn’t necessary.  If you create an Azure AD tenant, and create an Azure AD user in the portal, that account can be used to log into a windows 10 that is joined to the same Azure AD tenant using the user@dns-name.com account format even if no email is associated with that account.

With that said, no there are no other formats (such as the old-school NetBIOS\username format of old) that works.  In Azure AD, it will always be user@tenant.tld

 

Windows 10 Azure AD Summary

 

There you go!   You have Azure AD IT administrator experience.  This is a nice foundation piece for you to add on to more IT related administrator stuff later.

 

Leave a Reply

Your email address will not be published. Required fields are marked *