How to setup and log in Windows 10 to Azure AD

Have you never used Windows 10 with Azure AD?  We break down how to add users to Azure Active Directory, check if the computer is joined to Azure AD, and how to authenticate the new created user to Azure AD. Get your party hat on, this is going to be fun!!!

Quick Resource Links:

  • Windows Login Problems
    • Struggling to login into Windows 10?  Do you use an email address to login?  They are multiple way to authenticate to Windows at the Windows logins screen but only one may work or contain your profile data.  Email address, local user account, and domain account are the methods for authentication.   Click the link above to see which method works for you.
  • Time Saving Questions for IT Admin email related work
    • Are you the point of contact for the IT administrator of your Office 365 Email Server or Active Directory.  Save time by asking the right questions.  Note: Active Directory environments allows you to quickly copy an existing user setup.  Azure user account setup is a bit more tedious.
  • What is Azure AD?
    • You may already have it and don’t know if your email is hosted by Microsoft Office 365.  It’s a free subscription when you have O365 email by Microsoft or any Microsoft 365 subscribed service.
  • Best practice setup of network environment
    • Do I use modern IT (Azure AD) , traditional IT (LDAP domain controller), or a mixture of both?

Great! The user is already created on Microsoft 365.  What now?

  • Join a Device
    • Make sure the Windows 10 computer is registered with your Azure environment if you are not using logging into Windows 10 via a “local account” or “domain account” and want to take advantage of  Windows 10 Azure AD features.
  • Manage a Device
    • Read up on how to view your devices from Azure.
  • “Registering” or “Joining”  Azure
    • More fun literature I don’t care to explain.

Any user with an email address setup through the Microsoft Admin Center can authenticate to any Windows 10 computer on the network.  The authentication works as follows:

  • Click “Other user”
  • Type work email address and password
  • Correct sign in options if you are not able to login

Warning: Users will not able to authenticate to the Windows 10 computer if the computer is not joined to Azure AD

 

 

 

 

 

 

 

 

 

 

 

 

I don’t want to login with my email address.  Windows 10 load a completely different profile than what I am use to.   I want use my Windows local account.

At the Windows login, use…

.\username

or

nameofcomputer\username

We have traditional IT network with an Active Directory domain controller (DC) on-site.  How do I authenticate then?

At the Windows login, use…

DomainName\username

How do I know if my computer is joined to Azure AD at the login prompt?

Can you use an email address at login?  There are several methods of authenticating or troubleshooting whether your users are a part of or joined to Azure AD.  The easiest is simply selecting “other user” for verifying if you can authenticate with their email address at the Windows 10 login Screen.  Confirm you are truly using Windows 10 Azure AD features once you are logged in with an an email address by viewing and troubleshooting with the illustrations below.

Can a user be logged into Windows 10 without authenticating to Azure AD?

Yes, some user accounts could have created a local account during the new computer setup.  NetworkAntics recommends creating our personalized “localadmin” administrator account and not the employees user name during the initial new computer setup.  Windows 10 Azure AD c

 

How do I confirm I’m joined to Azure AD if one of employees is already logged in to the computer?

 

  • open elevated cmd on machine and run below command to check the status
    “dsregcmd /status”

 

 

  • Alternatively, go to start menu type “Settings” and open it.  Find accounts and  you should see under “Access work or school” the admin account authenticating to Azure AD.

 

 

 

 

 

 

 

 

The Admin account for Azure AD is also listed under “other people”  Otherwise, you need to join Azure AD if you do not see any of these illustrations connected to Azure AD.

 

 

 

 

 

 

 

 

 

 

I have Azure AD and the user account email address is authenticated or logged on to the Windows 10 desktop.  What now?

 

Front Desk Applications:
Outlook
Word
Excel
Chrome
Firefox
Scanning Software
Foxit Reader

 

Document As You Go

  • Keepass User and Email
  • Info Sheet

 

 

 

A Brief Nerding Out Session.  (most people can skip ahead) Azure AD Resources:

 

Azure AD is *not* a domain.   Azure AD is fundamentally different than a domain environment.

Azure AD accounts use the user@dns-name.com naming format.  But it should not be mistaken as an email address.  A user *may* have the same email, but it isn’t necessary.  If you create an Azure AD tenant, and create an Azure AD user in the portal, that account can be used to log into a windows 10 that is joined to the same Azure AD tenant using the user@dns-name.com account format even if no email is associated with that account.

With that said, no there are no other formats (such as the old-school NetBIOS\username format of old) that works.  In Azure AD, it will always be user@tenant.tld

 

Windows 10 Azure AD Summary

 

There you go!   You have Azure AD IT administrator experience.  This is a nice foundation piece for you to add on to more IT related administrator stuff later.

 

Azure AD:

Hosted O365 Resources:

Exchange or Mail Locally Hosted On-Site Resources:

Hosted or Local Hosted Links:

 

Leave a Reply

Your email address will not be published. Required fields are marked *