Join Windows 7 to Azure AD

Asked by Ivan (Serbia)

Hello,

I was wondering if someone has any info on whether this is possible without first joining the Win 7 machine to a local domain.
The Workplace Join app requires that Win 7 is joined to a local domain to be able to join that machine to Azure AD.

So, can a Win 7 machine which is in a Workgroup be joined to Azure AD?

PS: Just to be clear, when I say Azure AD, I am not talking about a VM in Azure running ADDS or something like that, but just plain Azure AD.

Regards,
Ivan.
ASKER CERTIFIED SOLUTION
Mahesh (India)
The DC can be on premise; no site-to-site VPN tunnel is required.
Definitely you can join a Windows 7 device to Azure AD; the only prerequisite is that the machine must be part of a domain.
There is a small software package developed by MS and made available for Win 7 and 8 clients which needs to be installed. Once installed, the machine will get registered with Azure AD; in fact you can locate the machine within Azure AD as a registered device.

Note that ADFS and federation to the Azure domain is a must, else the setup won't work.
Ivan (ASKER)

Hi,

thank you for the reply.

I know the difference between Azure AD and ADDS, and that is why I specifically said Azure AD :)
As Mahesh wrote, you can join Win 7 to Azure AD but only if the machine is in a Windows domain already, which does not help me in this situation.

One thing I cannot find is where it says that Win 7 Workgroup is not supported. I cannot just say to a client that it can't be done; I kinda need a link to MS where it says that it cannot be done because of this or that..

This client does not have an on-site DC, so that is why they wanted to join these machines directly to Azure AD. At that time I did not know you need domain-joined Win 7.
The purpose of a registered device is to get a device with mutual authentication.
You get a mutually authenticated device when it is joined to your specific on-prem domain and joined to your specific Azure AD tenant.
This is possible because of ADFS federation.

Otherwise tomorrow anybody can register a computer to your Azure AD tenant as long as he has a cloud ID in your tenant and a password, from any network.
Then the registered device concept does not stand correct.

https://docs.microsoft.com/en-in/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup#prerequisites

Check the above link; it needs the SCP to be published in AD, and only domain-joined machines can look up and understand the SCP.

Within the SCP, it contains info about your federated Azure tenant.
In addition to the above, you must keep the device online on the on-prem AD network so that ADFS can register it with Azure AD.
If you joined the machine to the AD domain, took it out of the premises and tried to join Azure AD, it's not possible.
The rule applies to all Windows platforms.

In the case of Win 10, if you join a workgroup Win 10 device to Azure AD, it is simply called workplace join and not Azure AD registered.
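The SCP that Mahesh's reply and the linked Microsoft page refer to lives in the forest's Configuration partition and carries the tenant name and ID as keywords. The script below is an added example, not from this thread or from Microsoft, that a domain-joined admin can run to verify the SCP is present before rolling out Workplace Join to Win 7 clients. It assumes a domain-joined machine with read access to the Configuration partition and uses only ADSI, so no AD module is required; the function name Get-AzureAdDeviceRegistrationScp is my own.

```powershell
# Added example: locate the Azure AD device-registration Service Connection
# Point (SCP) in on-prem AD and report which tenant it points to.
# Assumptions: run on a domain-joined machine that can read the Configuration
# naming context. The CN 62a0ff2e-97b9-4513-943f-0d221bd30080 is the well-known
# name Microsoft uses for this SCP object.

function Get-AzureAdDeviceRegistrationScp {
    [CmdletBinding()]
    param()

    # RootDSE tells us where this forest keeps its Configuration partition.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNc = [string]$rootDse.Properties['configurationNamingContext'].Value
    $scpPath  = 'LDAP://CN=62a0ff2e-97b9-4513-943f-0d221bd30080,' +
                "CN=Device Registration Configuration,CN=Services,$configNc"

    # A missing SCP means domain-joined clients cannot discover the tenant,
    # which is the prerequisite the thread is talking about.
    if (-not [ADSI]::Exists($scpPath)) {
        return [pscustomobject]@{
            Found      = $false
            TenantName = $null
            TenantId   = $null
            Path       = $scpPath
        }
    }

    $scp = [ADSI]$scpPath
    $tenantName = $null
    $tenantId   = $null

    # The keywords attribute holds 'azureADName:<tenant>' and 'azureADId:<guid>'.
    foreach ($kw in $scp.Properties['keywords']) {
        $kw = [string]$kw
        if ($kw -like 'azureADName:*') { $tenantName = $kw.Substring('azureADName:'.Length) }
        elseif ($kw -like 'azureADId:*') { $tenantId = $kw.Substring('azureADId:'.Length) }
    }

    [pscustomobject]@{
        Found      = $true
        TenantName = $tenantName
        TenantId   = $tenantId
        Path       = $scpPath
    }
}

# Usage: print the result; TenantName/TenantId should match the federated tenant.
Get-AzureAdDeviceRegistrationScp | Format-List
```

If Found is $true but the tenant values do not match the tenant you federated with ADFS, registration will fail against the wrong tenant, so check that before blaming the client package.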