What is Azure AD registered device | A step by step demo to register devices with Azure AD

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hi guys I hope you all are doing well and welcome to the next video of this entire series of azure active directory in the last video we talked about Azure ad audit logs and sign-in logs in this particular video we will be talking about device management we will understand what is device identity what is azure ad device registration and I will demonstrate to you how to register a device with Azure active directory a device identity is an object in Azure active directory like we have users groups or applications in Azure ad similarly devices are also an object in Azure active directory there are three ways you can add a device to Azure ad as a device identity Azure ad registration Azure ad join and hybrid Azure ad join this particular video is focused on Azure ad register devices we will cover Azure ID joint devices and hybrid Azure ready join devices in upcoming videos so let's understand what is azure ad register device and how does it work Azure ad registered devices are the personal devices these are also called bring your on device the supported operating system for Azure ad registered devices are windows Mac iOS or Android so if a user has a personal computer or a personal mobile phone you can register that device with Azure ad the user will log into these devices with his personal account but during registration process you will have to enter his Azure ad credentials so let's understand how device registration process works when a user will try to register a personal device with Azure ad he will enter his Azure ad credentials within the device then Azure ad will perform authentication on this user account and once user is authenticated this device will get registered in Azure ad and a device identity will be created in Azure active directory and during this process Azure ad will push a certificate to this device so that Azure active directory can trust this particular device and once this registration process is completed single sign-on feature will be enabled on this device that means when this user will try to log into portal.office.com or any Office 365 application this user will not be asked to enter his credentials so once a device identity is created in Azure active directory you can manage this device using MGM or mem policies using InTune or you can control the access of these devices using conditional access policies so let's move towards our lab and let's register a device with Azure ad in this demo I'm going to register this Windows 10 machine with Azure active directory I'm logged into this machine with my personal account that means this is a personal device and this is a wordgroup machine this machine is not joined to any domain so let's go to Azure active directory in Azure active directory I have created one user with name Bob Ross I'm going to register that Windows 10 machine with this particular account let's go to devices as of now I do not see any device that is registered or joined with this particular tenant so let's go back to machine so as we discussed when we register a device with Azure ad a certificate is pushed to that particular device you can go to MMC or certificate Management console and from here you will add certificates certificates personal under personal we do not see any certificate as of now and let's go to command prompt let's run dsreg CMT slash status we use this command to check the registration status so it says Azure 80 joined no Enterprise joint now domain joint is set to no as well and workplace joint is set to no that means this device is not registered with Azure active directory and let me show you the host name as well the hostname of this device is desktop 8mm B5 q0 so let's minimize the command prompt and now let's go to settings go to accounts click access work or school and then click connect now here you need to type the credentials of azure active directory user the one that I just created I'm going to use this particular account to register this device so type the user principal name click next enter the password so it says while we register this device with your company and apply policy so now this device is getting registered with Azure active directory so it says we have added your account successfully you now have access to your organization's apps and services click on done now you will see this account under work or school account now let's go to certificates and let's refresh now we can see this certificate that is issued by Ms organization access let's go to Azure active directory and let's go to devices all devices so we can see one device identity has been created in Azure active directory under operating system you can see its Windows device under version you can see the version of operating system and join type says Azure ad registered and the owner of the device is Bob Ross that means the account that was used within this device during the registration process that account belongs to Bob Ross now if you go to users and click on the user Bob Ross and then go to devices here you can see the device that is associated with Bob Ross account now let's go back to machine and let's run tsregcmg slash status and now here you can see workplace joint is set to yes that means this device is registered to Azure active directory now let me show you one more thing let's double click on this certificate and let's go to Azure active directory open this device now here you can see one device ID it starts with d92 ends with ae4 now go back to the certificate so you can see this particular certificate is issued to t92 ends with ae4 which is the device ID of the device that we just registered to Azure active directory so this certificate is associated with the device and if you want to check the even viewer logs you can go to event viewer in even viewer logs you will go to application and service logs under applications and services logs you will go to Microsoft windows and then look for user device registration user device registration and then click admin now here you can see the logs related to device registration so the log name is Microsoft Windows user device registration and the status is the Discovery request send operation was successful next same registration log and you can see the discovery operation callback was successful the initialization of the join request was successful the join request was successfully sent to This Server these are the logs during the registration process here you can see the thumbprint of the certificate that was pushed to the device during the registration process and you can see other logs and then it says the complete join response operation was successful so if you are facing any trouble while registering the device to Azure active directory you can always refer to even viewer logs and basis on the event ID or the error code you can troubleshoot it further so now let's try to access portal.office.com and as we discussed I should not get a prompt to enter my username or password so you can see I'm logged in and I didn't enter my username or password because when you register a device with Azure active directory it enables single sign-on feature on that particular device so if you will try to access any Office 365 application like portal.office.com or portal.azure.com you will not have to enter your username and password so this is how device registration Works in Azure active directory in the next video we will be talking about Azure ad joint devices and I will demonstrate you how to join a device with Azure active directory so if you have learned something new from this particular video please write in comments and please subscribe to the channel thank you guys thank you for your time take care
Info
Channel: Office365Concepts
Views: 16,052
Rating: undefined out of 5
Keywords: what is, how to, tutorials, why, what is azure ad, what is device, device management, compliant device, what is non compliant device, what is intune, enroll device, device register with azure ad, register device with azure ad, azure ad registered device, how to register device with azure ad, register personal device with azure ad, difference between azure ad register and joined device, enroll personal device, register windows device with azure ad, register windows device
Id: Fs6GS4b1IpA
Channel Id: undefined
Length: 11min 8sec (668 seconds)
Published: Thu Nov 24 2022
Related Videos
What is Azure AD Joined Device | A step by step demo to Join devices with Azure Active Directory
Office365Concepts
17K
Azure Administrator Zero to Hero ! Configure Azure AD Connect 2.0 Step by Step Guide !
Teach Me Cloud
1.4K
How to clean up stale devices in Microsoft Entra | Microsoft
Microsoft Helps
4.1K
Understanding Azure AD Hybrid Join
John Savill's Technical Training
32K
Know your Azure AD Device Identities! Azure AD Registered, AAD Joined, and Hybrid Azure AD Joined
Travis Roberts
2.8K
Azure Active Directory Multi Factor Authentication and Security defaults
Office365Concepts
17K
PASSKEYS - What they are, why we want them and how to use them!
John Savill's Technical Training
11K
Azure Active Directory (AD, AAD) Tutorial | Identity and Access Management Service
Adam Marczak - Azure for Everyone
682K
How to relay emails from application using Office 365 | Client Submission, Direct Send, Smtp Relay
Office365Concepts
60K
Group based licensing in Azure Active Directory
Office365Concepts
9.1K
OneDrive for Business Tutorial | Everything You Need to Know!
Office365Concepts
6K
Exchange Server Interview Q&A #shorts #youtubeshorts #office365concepts #interview #exchangeserver
Office365Concepts
7.6K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.