Aug 05, 2015 - Active Directory, Azure, Office 365, Windows 10

Windows 10 Enterprise – Azure AD Join vs Workplace Join in Office 365

I’m beginning to test Windows 10 Enterprise at work.  My main goal was to test functionality of our LoB apps, but I pretty immediately became distracted with the option to perform an Azure AD Join instead of a traditional domain join.  After the initial installation, you’ll be given these options:

[Image: AzureADJoin01]

Of course I had an “Oooh, let’s play with the new thing!” moment and had to try the Join Azure AD option.  I was able to sign in with my o365 credentials, and was then prompted to create a PIN, with some vague statements saying that it is faster than a password.  Since our Mobile Device policies are all default in o365, I assume this will be the case for most people.  There is initially no option to skip this step, but if you click Create PIN, then close the popup, you get a new button that allows you to skip the PIN (but it will prompt you again each time you log in).

After the Azure AD Join, you’ll find that the machine is not actually domain joined, and is just a workgroup member.  No GPO gets applied, and the computer does not appear in your on-prem Active Directory.

In ye olde Control Panel>System, you’ll see something like:

[Image: AzureADJoin04]

In the newfangled System>About, you’ll see something like:

[Image: AzureADJoin03]

And in your o365 Admin Center>Mobile Devices, you’ll see something like:

[Image: AzureADJoin02]

So, you’ll notice that I have a few devices in my o365 MDM.  This is what I find a bit odd.  On one of those devices I did a Workplace Join by adding my work account to a machine on which I use my personal Microsoft account as my main login (and which is not otherwise connected to our domain either via Azure AD Join or traditional domain join).  So, it appears Workplace Join and Azure AD Join are essentially treated the same on the administrative side.  I will do some more research and testing, and post any updates.
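A command-line check for the join state that the screenshots above show, as an added example that is not part of the original post. It assumes `dsregcmd.exe /status` is present on the build and reports `AzureAdJoined` and `WorkplaceJoined` as `YES`/`NO`; the function names `ConvertFrom-DsregStatus` and `Get-JoinType` are hypothetical.

```powershell
# Added example: classify how this Windows 10 machine is attached to the organization.

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    # dsregcmd prints "Name : VALUE" pairs; section banners do not match and are skipped.
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-JoinType {
    param([hashtable]$Dsreg, [bool]$PartOfDomain)
    $aad = $Dsreg['AzureAdJoined'] -eq 'YES'
    $wpj = $Dsreg['WorkplaceJoined'] -eq 'YES'
    if ($PartOfDomain -and $aad) { return 'Domain joined and Azure AD joined' }
    if ($PartOfDomain)           { return 'Traditional domain join (GPO applies)' }
    if ($aad)                    { return 'Azure AD Join only (workgroup member, no GPO)' }
    if ($wpj)                    { return 'Workplace Join only (work account added to the device)' }
    return 'Standalone workgroup machine'
}

# Win32_ComputerSystem.Domain holds the workgroup name when PartOfDomain is false.
$cs    = Get-CimInstance -ClassName Win32_ComputerSystem
$dsreg = ConvertFrom-DsregStatus -Lines (dsregcmd.exe /status)

[pscustomobject]@{
    ComputerName      = $cs.Name
    PartOfDomain      = $cs.PartOfDomain
    DomainOrWorkgroup = $cs.Domain
    AzureAdJoined     = $dsreg['AzureAdJoined']
    WorkplaceJoined   = $dsreg['WorkplaceJoined']
    JoinType          = Get-JoinType -Dsreg $dsreg -PartOfDomain $cs.PartOfDomain
}
```

Run it as the signed-in user rather than from a different elevated account, since `WorkplaceJoined` is reported per user.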

 

So what if I want to join my Azure AD Joined computer to my domain the old school way?  Computer says no.

[Image: domainjoinerror]

So, you have to “Disconnect from organization” in the newfangled System>About screen, as shown a few images back.  Then reboot, and you can join your domain for real.