Know your Azure AD Device Identities! Azure AD Registered, AAD Joined, and Hybrid Azure AD Joined

Video Statistics and Information

Captions
In this video we review the three types of Azure AD device identities: Azure AD registered, Azure AD joined, and hybrid Azure AD joined. [Music]

Hello everyone, I'm Travis and this is Ciraltos. In this video we look at the three different device identities used in Azure AD. A device can be registered, joined, or hybrid joined to Azure AD. Coming up, we'll review each option. Before that, please like, subscribe, and share with a friend. Leave a comment below letting me know your thoughts. Check out my hybrid identity course on udemy.com for more information on Azure AD identities; the link is below. And thank you, channel members, your support is appreciated.

Back to it. Let's start with what a device identity is. To manage devices in Azure, the device needs an identity. Just like users and groups, computers that connect to Azure AD have an identity. But unlike users and groups, we as administrators don't always get to select the devices users use to access Azure AD services. I'm talking about Exchange Online, SharePoint Online, and other Microsoft 365 services. There are three types of identities in Azure AD. They are Azure AD registered, Azure AD joined, and hybrid Azure AD joined.

Let's review the first example, Azure AD registered. Many organizations leverage a bring your own device policy. This could be a computer or mobile device. We don't have much control over these devices because they're not owned by the organization; however, they are used to access company data. When a user logs in with a personal device, a new Azure AD registered identity for that device is added to Azure AD. With these devices, no organizational ID, an Azure AD account for example, is required for the user to sign in; the local device account is used. These devices could be a Windows 10 or Windows 11 computer, an iOS or Android device, or a Mac or Linux device. We can limit access to resources in the organization based on the identity type with conditional access policies. We can further secure these devices with a mobile device management tool such as Intune. For example, we can use Intune to enforce policies on the device before the user can access company resources. The key to remember: Azure AD registered identities are for personal devices in a bring your own device configuration.

The next type of identity is Azure AD joined devices. Azure AD joined devices are under organizational management and typically, but not always, owned by the organization. An Azure AD user account is used to access Azure AD joined devices and access company resources. These devices can be managed with an MDM tool like Intune or co-managed with Microsoft Configuration Manager. Using these tools, we can use organizational policies that enforce configurations such as encrypting storage, complex passwords, or adding company software. Azure AD joined computers don't need Windows Active Directory for management or connectivity to an on-premises network. That makes Azure AD joined a good option for organizations that don't use Windows AD, or where users don't have access to a private company network but the device still needs to be managed by the organization. The key to these devices is they're company owned, or at least under company management, and users sign in with an Azure AD account. Single sign-on to Azure AD services will work with Azure AD joined devices, and they don't need access to a private company network.

That brings us to hybrid Azure AD join. This is for situations where Windows AD is in use and the devices are Windows AD joined. Azure AD Connect sync creates hybrid Azure AD identities by synchronizing device identities from Windows AD to Azure AD. Hybrid identities only work when our devices are Windows AD joined and we use Azure AD Connect sync. Users sign into the device with a Windows AD identity, and we can manage the device with existing Windows AD tools such as group policies, or we can leverage Configuration Manager or co-manage with Intune. The computers need to be connected to the private Windows AD network occasionally, either attached locally to a private network or by VPN. Because they have an identity in Azure AD, devices can be included in conditional access policy. Single sign-on will work with these devices also. Hybrid Azure AD join is a good option for organizations that need to use Windows AD but also want to take advantage of Azure AD, or organizations that are migrating to cloud only. The downside is that there are two environments to manage, Windows AD and Azure AD. The takeaway is that hybrid Azure AD join requires Azure AD Connect sync to synchronize Windows AD devices to Azure AD. With it, we get to continue to use on-premises configuration tools such as group policies and tools like Configuration Manager. We also get to use the Azure AD tools, like adding the devices to a conditional access policy.

There we have it, the three different options for Azure AD device identities. Please don't forget to like and subscribe, and thanks for watching.
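The three identity types described in the captions can be told apart on a Windows device from the output of the built-in `dsregcmd /status` command. The following is an added example, not part of the video: the command and its `AzureAdJoined`, `DomainJoined` and `WorkplaceJoined` fields are not mentioned by the speaker, and the sample output (including the `CONTOSO` domain name) is constructed.

```python
import re

# Constructed sample of `dsregcmd /status` output, trimmed to the fields used below.
SAMPLE_HYBRID = """
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

           WorkplaceJoined : NO
"""

# Matches "Name : value" lines; banner lines start with '+' or '|' and are skipped.
FIELD = re.compile(r"^\s*(\w+)\s*:\s*(.*?)\s*$")

def parse_status(text):
    """Return {field: value} for every 'Name : value' line in the output."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def classify(text):
    """Map the join flags to the identity types named in the captions."""
    f = parse_status(text)
    def yes(key):
        return f.get(key, "NO").upper() == "YES"  # a missing field counts as NO
    if yes("AzureAdJoined") and yes("DomainJoined"):
        return "Hybrid Azure AD joined"
    if yes("AzureAdJoined"):
        return "Azure AD joined"
    if yes("WorkplaceJoined"):
        return "Azure AD registered"
    if yes("DomainJoined"):
        return "Windows AD joined only (no Azure AD device identity)"
    return "No Azure AD device identity"

if __name__ == "__main__":
    print(classify(SAMPLE_HYBRID))
```

Registered iOS, Android, Mac or Linux devices have no `dsregcmd`, so this check covers Windows devices only.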
Info
Channel: Travis Roberts
Views: 2,532
Keywords: Azure AD Registered, Azure AD Joined, and Hybrid Azure AD Joined, Azure, Azure AD, MFA, multi-factor authentication, Azure Management, free tutorial, Azure Free, sysadmin, cloud computing, cloud, Azure Active Directory
Id: jr9w2W-lRVI
Length: 5min 10sec (310 seconds)
Published: Sun May 21 2023